mermaid-diagrams

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [SAFE]: The skill consists entirely of Markdown files providing documentation and templates for Mermaid diagram syntax. No executable scripts, binaries, or active logic are included in the skill.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions trusted external resources such as the Mermaid Live Editor (mermaid.live), the official Mermaid website (mermaid.js.org), and the official @mermaid-js/mermaid-cli package. These are recognized as well-known and safe developer tools.
  • [REMOTE_CODE_EXECUTION]: An integration example in the documentation demonstrates loading the Mermaid library via the JSDelivr CDN (cdn.jsdelivr.net). This is a standard and safe method for utilizing well-known open-source libraries.
  • [SAFE]: Regarding potential indirect prompt injection: Ingestion points: User requests to generate architecture diagrams. Boundary markers: Mermaid markdown code blocks. Capability inventory: None (text generation only). Sanitization: N/A. The skill's functionality is limited to syntax generation, presenting no significant attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 11:45 PM