mermaid-graph-renderer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references standard installation of the official @mermaid-js/mermaid-cli package via NPM and the mmdr utility via Cargo. It also includes instructions for loading the Mermaid library from the official jsDelivr CDN, which is a well-known and trusted service.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute legitimate diagram rendering and conversion tasks using CLI commands like mmdc and cargo, which are consistent with the skill's primary purpose.
- [DATA_EXFILTRATION]: One rendering option suggests using the Kroki API (kroki.io), a well-known external service for diagram generation. This involves transmitting diagram source text to the service for processing, which is a standard and expected operation for such a tool.
Audit Metadata