moai-library-mermaid
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The documentation directs the installation of the 'anthropic-ai playwright-mcp' package, which is not an official Anthropic resource and appears to be a typosquatting attempt.
- [REMOTE_CODE_EXECUTION] (HIGH): The recommendation to run unverified code via 'npx' directly enables remote code execution on the host system.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests 'Bash' tool permissions, which can be leveraged by malicious code to compromise the local environment.
- [DATA_EXFILTRATION] (LOW): (Category 8 surface) Ingestion points: User-provided Mermaid diagrams. Boundary markers: Absent. Capability inventory: Bash and Playwright browser access. Sanitization: None mentioned. Using Playwright to render diagrams allows for potential indirect exfiltration if malicious Mermaid syntax is processed by the headless browser.
- [SAFE] (SAFE): No direct prompt injection markers or obfuscation were found in the provided files.
Recommendations
- AI detected serious security threats