Skills
skills/hkuds/cli-anything/cli-anything-mermaid/Gen Agent Trust Hub

cli-anything-mermaid

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the cli-anything-mermaid Python package from a public package registry.
  • [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool (cli-anything-mermaid) to perform diagram manipulations and project management tasks.
  • [DATA_EXFILTRATION]: Diagram source code is sent to the well-known mermaid.ink service for rendering purposes, which is the primary intended function of the tool.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external Mermaid diagram files and renders them. However, this is inherent to the tool's purpose and carries low risk in this context.
  • Ingestion points: diagram set --file, project open subcommands.
  • Boundary markers: Not specified in the skill instructions.
  • Capability inventory: File system writes via export render and project save subcommands.
  • Sanitization: Not explicitly implemented in the provided prompt instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:02 PM