sf-diagram-mermaid

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: scripts/query-org-metadata.py uses the subprocess module to run Salesforce CLI (sf) commands. The commands retrieve metadata such as record counts and sharing models from a connected Salesforce org, and the script uses that metadata to enrich the generated diagrams.
  • [EXTERNAL_DOWNLOADS]: scripts/mermaid_preview.py serves an HTML page that loads the Mermaid.js library from a well-known CDN (https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js). Loading a rendering library from a CDN is standard practice for browser-side diagram preview. Note that the @10 tag is a major-version range on jsDelivr rather than an exact release, so the page trusts whatever 10.x build the CDN currently serves; pinning an exact version with an integrity attribute would remove that dependence.
  • [COMMAND_EXECUTION]: scripts/mermaid_preview.py relaunches itself as a background process with subprocess.Popen in a new session, so the child is detached from the agent's process group. This is intended to provide a persistent local preview server that survives the end of the agent session.
  • [DATA_EXPOSURE]: The preview server in scripts/mermaid_preview.py reads the file the user names on the command line and serves its content on localhost:8765. The server does read a local file, but it listens on the loopback interface only and serves the one file the user chose, so it is a restricted local service for diagram visualization.
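For the first finding, an added example (not the repository's query-org-metadata.py and not the auditor's code) of how a script that shells out to sf keeps the invocation safe: the org alias and object name are validated against strict patterns before they are placed in an argument list, the CLI is run without a shell, and the JSON envelope is checked for a non-zero status instead of silently returning zero. The flag names are those of `sf data query`; the envelope layout ({"status": 0, "result": {"totalSize": N, ...}}) is assumed from the CLI's --json output; and the `runner` parameter is a hypothetical injection point added so the argv construction and parsing can be exercised without a Salesforce org.

```python
import json
import re
import subprocess
from typing import Callable, List, Sequence

# sf org aliases are user-chosen names; confining them to this shape means a value
# can never start with "-" and be parsed by the CLI as an extra flag, nor carry
# shell metacharacters (which would not matter without a shell, but is cheap to refuse).
_ALIAS_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")
# Salesforce object API names (Account, Custom_Object__c): identifier characters only.
_SOBJECT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,79}$")

# A runner takes an argv list and returns the command's stdout. The default invokes
# the real CLI; a test can substitute a fake (hypothetical seam added for this example).
Runner = Callable[[Sequence[str]], str]


def run_sf(argv: Sequence[str]) -> str:
    """Execute sf as an argument vector: no shell, so no quoting or metacharacter issues."""
    completed = subprocess.run(
        list(argv), capture_output=True, text=True, check=True, timeout=120
    )
    return completed.stdout


def build_count_argv(org_alias: str, sobject: str) -> List[str]:
    """Validate both inputs, then build the argv for a COUNT() query.

    Flag names (--json, --target-org, --query) are those of `sf data query`;
    the only dynamic parts of the command are the validated alias and object name.
    """
    if not _ALIAS_RE.match(org_alias):
        raise ValueError(f"refusing org alias {org_alias!r}")
    if not _SOBJECT_RE.match(sobject):
        raise ValueError(f"refusing sObject name {sobject!r}")
    soql = f"SELECT COUNT() FROM {sobject}"
    return ["sf", "data", "query", "--json", "--target-org", org_alias, "--query", soql]


def record_count(org_alias: str, sobject: str, runner: Runner = run_sf) -> int:
    """Return the record count for `sobject`, parsed from sf's --json envelope.

    Assumed envelope: {"status": 0, "result": {"totalSize": N, ...}}. Any other
    status is treated as an error rather than being read as "zero records".
    """
    payload = json.loads(runner(build_count_argv(org_alias, sobject)))
    if payload.get("status") != 0:
        raise RuntimeError(f"sf failed for {sobject}: {payload.get('message', payload)}")
    return int(payload["result"]["totalSize"])


if __name__ == "__main__":
    import sys

    alias, obj = sys.argv[1], sys.argv[2]
    print(f"{obj}: {record_count(alias, obj)} records")
```

The validation step is what matters for a tool driven by an agent: the alias and object name are the only values that can come from outside the script, and with the patterns above neither can become an additional flag or a second SOQL clause.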
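For the third and fourth findings, an added sketch, again not the project's mermaid_preview.py, of the two properties a reviewer would check in such a server: the listener binds to 127.0.0.1 only, and the served file is resolved once from the command line and confined to the working directory, so the request path can never select a different file. The diagram text is HTML-escaped before it is placed in the page, and the relaunch uses subprocess.Popen with start_new_session=True as the finding describes. The --serve argument, the working-directory confinement and the function names are assumptions of this example, not behaviour the audit attributes to the project.

```python
import functools
import html
import http.server
import pathlib
import subprocess
import sys

HOST, PORT = "127.0.0.1", 8765  # loopback only; never "" or "0.0.0.0"
MERMAID_CDN = "https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.min.js"


def is_confined(user_path: str, root: str) -> bool:
    """True if user_path (relative or absolute, symlinks followed) stays under root."""
    base = pathlib.Path(root).resolve()
    target = (base / user_path).resolve()  # an absolute user_path replaces base here
    return base in target.parents


def resolve_preview_file(user_path: str, root: str) -> pathlib.Path:
    """Resolve the file named on the command line once, before the server starts."""
    if not is_confined(user_path, root):
        raise ValueError(f"{user_path!r} is outside {root}")
    target = (pathlib.Path(root) / user_path).resolve()
    if not target.is_file():
        raise ValueError(f"{user_path!r} is not a regular file")
    return target


def build_page(diagram_text: str) -> str:
    """HTML-escape the diagram so a crafted .mmd file cannot inject markup or script.

    The browser decodes the entities back to text before Mermaid reads the element.
    """
    return (
        '<!doctype html><html><head><meta charset="utf-8">'
        f'<script src="{MERMAID_CDN}"></script></head><body>'
        f'<pre class="mermaid">{html.escape(diagram_text)}</pre>'
        "<script>mermaid.initialize({startOnLoad: true});</script></body></html>"
    )


class PreviewHandler(http.server.BaseHTTPRequestHandler):
    """Serves the same pre-resolved file for every GET; the request path is ignored."""

    def __init__(self, diagram_file: pathlib.Path, *args, **kwargs):
        self.diagram_file = diagram_file
        super().__init__(*args, **kwargs)  # the base class handles the request here

    def do_GET(self):
        body = build_page(self.diagram_file.read_text(encoding="utf-8")).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, format, *args):
        pass  # keep per-request logging out of the agent's transcript


def serve(diagram_file: pathlib.Path) -> None:
    """Foreground server; only reached via the --serve relaunch with an already-resolved path."""
    handler = functools.partial(PreviewHandler, diagram_file)
    with http.server.ThreadingHTTPServer((HOST, PORT), handler) as srv:
        srv.serve_forever()


def spawn_background(diagram_file: pathlib.Path) -> int:
    """Relaunch this script detached: new session, no inherited stdio. Returns the pid."""
    child = subprocess.Popen(
        [sys.executable, __file__, "--serve", str(diagram_file)],
        start_new_session=True,
        stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return child.pid


if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] == "--serve":
        serve(pathlib.Path(sys.argv[2]))
    elif len(sys.argv) == 2:
        chosen = resolve_preview_file(sys.argv[1], str(pathlib.Path.cwd()))
        pid = spawn_background(chosen)
        print(f"preview of {chosen.name} at http://{HOST}:{PORT}/ (pid {pid})")
    else:
        sys.exit("usage: mermaid_preview.py DIAGRAM.mmd")
```

The important design point is that the file is chosen exactly once, by the user, before the socket is opened; the handler has no code path that turns request data into a filesystem path, which is what keeps a loopback server from becoming a local file-read oracle for anything else running on the host.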
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 03:09 PM