pretty-mermaid
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill structure and metadata are consistent with its stated purpose of rendering diagrams.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes the 'beautiful-mermaid' npm package as a dependency. This is a legitimate library for the intended functionality. The README mentions auto-installation of dependencies, which is a common convenience for agent skills but should be monitored for unexpected network activity.
- Indirect Prompt Injection (LOW): The skill represents a surface for indirect injection because it processes external Mermaid diagram definition files (.mmd).
  1. Ingestion points: user-supplied diagram files processed via the input arguments in render.mjs and batch.mjs.
  2. Boundary markers: none specified in the provided files.
  3. Capability inventory: the skill can read local files and write rendered SVG/ASCII output to the filesystem.
  4. Sanitization: relies on the sanitization and parsing logic of the 'beautiful-mermaid' library.
Audit Metadata