mermaidjs-v11

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references scripts and styles from trusted sources including jsDelivr (cdn.jsdelivr.net), ESM.run (esm.run), and GitHub Container Registry (ghcr.io). These are well-known services used for hosting legitimate libraries and official container images.
  • [COMMAND_EXECUTION]: Provides instructions for using the Mermaid CLI (mmdc). These commands are standard for the tool's intended purpose and include security best practices such as specifying non-root user IDs when running via Docker to maintain host file permissions.
  • [PROMPT_INJECTION]: The skill processes user-defined diagram syntax, which presents an indirect injection surface (Category 8). However, the documentation explicitly recommends using securityLevel: 'strict' and notes that DOMPurify is enabled by default to mitigate XSS risks during rendering.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 04:33 AM