NYC

beautiful-mermaid

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The script scripts/render.ts dynamically installs the beautiful-mermaid library at runtime via npm or bun. This library is not from a verified trusted source.
  • COMMAND_EXECUTION (HIGH): scripts/render.ts uses node:child_process.execSync to run shell commands for package installation.
  • REMOTE_CODE_EXECUTION (HIGH): The skill performs runtime installation and dynamic importing of an untrusted package, which can lead to execution of arbitrary remote code.
  • PROMPT_INJECTION (HIGH): Significant indirect prompt injection surface (Category 8).
      1. Ingestion Point: scripts/render.ts accepts user-supplied Mermaid code or descriptions.
      2. Boundary Markers: None present to delimit user input.
      3. Capability Inventory: The agent-browser skill is used to open the resulting HTML, providing a full browser execution context.
      4. Sanitization: scripts/create-html.ts interpolates raw SVG content into an HTML template without any sanitization or escaping.
    A malicious Mermaid diagram could generate an SVG with embedded scripts (XSS) that execute when the browser opens the file, potentially compromising the agent environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:51 AM