mermaid-flow-image
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a command to execute a local Python script (./scripts/python/render_mermaid_kroki.py) for processing Mermaid diagrams. This operation is a standard part of the skill's stated functionality.
- [EXTERNAL_DOWNLOADS]: The documentation references Kroki, a well-known service for rendering diagrams. References to such well-known services are considered safe within the intended context.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it turns untrusted user input into diagram code. Ingestion points: user flow requirements described in SKILL.md. Boundary markers: none; the prompt instructions do not delimit untrusted input. Capability inventory: subprocess execution via the Python rendering script. Sanitization: the skill instructs the agent to wrap node labels in quotes, which gives basic syntax protection only; a double quote inside untrusted text still closes the label unless it is written as the Mermaid entity #quot;, so text that reaches the diagram needs escaping, not just quoting.
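As an added illustration of the sanitization point above (this is example code written for this page, not the skill's render_mermaid_kroki.py script, whose interface the audit does not describe), the following Python builds a flowchart from untrusted step text. The escape table, the node-id rule and the injection check are the example's own choices; the only Mermaid facts relied on are that a double quote ends a quoted label, that # begins an entity code, and that #quot; and #NN; are the documented way to embed such characters. The hostile step text is constructed for the demonstration.

```python
import re

# Mermaid reads these characters even inside a quoted label: a double quote
# closes the label and "#" begins an entity code. Angle brackets are escaped
# because Mermaid may render labels as HTML. A raw newline ends the statement.
# Entity forms per the Mermaid docs: #quot; for a quote, #NN; for a code point.
_LABEL_ESCAPES = str.maketrans({
    '"': "#quot;",
    "#": "#35;",
    "<": "#60;",
    ">": "#62;",
    "\n": " ",
    "\r": " ",
})

# Node ids are generated by this code, never taken from input; validated anyway.
_NODE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_]*")


def escape_label(text: str) -> str:
    """Make untrusted text safe to place inside a double-quoted Mermaid label."""
    return text.translate(_LABEL_ESCAPES)


def unsafe_node(node_id: str, label: str) -> str:
    """Quoting only: what 'wrap node labels in quotes' gives on its own."""
    return f'{node_id}["{label}"]'


def node(node_id: str, label: str) -> str:
    """Quoting plus escaping: the label cannot end early or add syntax."""
    if not _NODE_ID.fullmatch(node_id):
        raise ValueError(f"invalid node id: {node_id!r}")
    return f'{node_id}["{escape_label(label)}"]'


def flowchart(steps: list[str]) -> str:
    """Build a top-down flowchart from an ordered list of untrusted step texts."""
    lines = ["flowchart TD"]
    ids = [f"n{i}" for i in range(len(steps))]
    for node_id, step in zip(ids, steps):
        lines.append("    " + node(node_id, step))
    for src, dst in zip(ids, ids[1:]):
        lines.append(f"    {src} --> {dst}")
    return "\n".join(lines)


# Constructed hostile input (hypothetical): a "step" that tries to close its
# own label and append a node and an edge the user never asked for.
HOSTILE_STEP = 'Deploy"] --> evil["Exfiltrate'


def injected(diagram_line: str) -> bool:
    """True if a node line carries anything beyond a single quoted label.

    A well-formed node line is exactly  id["..."]  ; any text after the
    closing "] is syntax smuggled in through the label.
    """
    return not re.fullmatch(r'[A-Za-z][A-Za-z0-9_]*\["[^"]*"\]',
                            diagram_line.strip())


if __name__ == "__main__":
    # Quoting alone lets the payload add an edge; escaping keeps it in one label.
    print(unsafe_node("n1", HOSTILE_STEP))
    print(flowchart(["Start", HOSTILE_STEP, "Done"]))
```

Run as a script, the first line printed shows the quoted-only node broken into two nodes and an edge, while the flowchart below it keeps the same text as a single label. The same escaping applies to edge labels and subgraph titles; node ids should never be derived from user text at all.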
Audit Metadata