mermaid
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The validation script scripts/check-mermaid.sh invokes npx to fetch and execute the @mermaid-js/mermaid-cli package. This is an official, well-known tool used for rendering and validating Mermaid diagrams.
- [COMMAND_EXECUTION]: The skill executes local shell commands (find, mktemp, npx) to process markdown files in the workspace. The script follows security best practices, such as using set -euo pipefail and handling filenames with null delimiters to prevent command injection or path traversal issues.
- [SAFE]: No malicious behavior, such as data exfiltration, credential theft, or prompt injection, was detected. All network and file system activities are directly related to the skill's stated purpose of diagram validation.
Audit Metadata