mermaid-to-png
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [REMOTE_CODE_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the subprocess module to execute the mmdc (Mermaid CLI) binary. This is necessary for converting Mermaid diagrams into image files. Evidence found in scripts/convert.py within the convert_mermaid_to_image function.
- [REMOTE_CODE_EXECUTION]: The script includes an optional --allow-npx flag that, when enabled, allows the dynamic download and execution of the @mermaid-js/mermaid-cli package via npx. While targeting a well-known package, this involves executing code from a remote registry at runtime. Evidence found in the resolve_mmdc_command function in scripts/convert.py.
- [PROMPT_INJECTION]: The skill processes untrusted input Markdown files and extracts contents of Mermaid code blocks for processing, creating a surface for indirect prompt injection.
  - Ingestion points: Markdown files provided as the input argument in scripts/convert.py.
  - Boundary markers: The script uses a regex to identify Mermaid blocks but does not implement explicit delimiters to ignore embedded instructions.
  - Capability inventory: The skill executes external rendering commands (mmdc) via subprocess.run.
  - Sanitization: There is no validation or sanitization of the Mermaid diagram code before it is written to a temporary file and processed by the renderer.