moai-mermaid-diagram-expert

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface via unsanitized Mermaid diagram input.
      • Ingestion points: The mermaid-to-svg-png.py script reads diagram source from external .mmd files.
      • Boundary markers: The script lacks delimiters or safety instructions when processing external diagram code.
      • Capability inventory: The conversion script uses Playwright (headless browser) which executes JavaScript and writes to the local filesystem.
      • Sanitization: The Mermaid renderer is configured with securityLevel: 'loose', which allows script execution, and diagram content is injected into HTML f-strings without escaping.
  • [COMMAND_EXECUTION]: The skill uses subprocess calls to execute CLI tools.
      • Evidence: subprocess.run(['mmdc', ...]) in the SKILL.md example.
  • [EXTERNAL_DOWNLOADS]: Fetches external JS libraries during rendering.
      • Evidence: Downloads the Mermaid.js library from the jsDelivr CDN, a well-known service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:14 PM