mindmap
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's bootstrap scripts download the @jinzcdev/markmap-mcp-server package from the public npm registry during the initialization process.
- [REMOTE_CODE_EXECUTION]: On Unix-like systems, the skill uses npx -y to execute code from the @jinzcdev/markmap-mcp-server package directly from the remote npm registry without prior local verification.
- [COMMAND_EXECUTION]: The skill executes local shell (bootstrap.sh) and PowerShell (bootstrap.ps1) scripts to automate tool registration. These scripts perform system-level operations, including global npm package installation and the direct modification of agent configuration files (e.g., ~/.claude.json, ~/.codex/config.toml, and ~/.config/opencode/opencode.json).
- [COMMAND_EXECUTION]: The bootstrap process utilizes node -e to execute dynamically constructed JavaScript code for programmatically editing local JSON and TOML configuration files.
- [PROMPT_INJECTION]: The skill ingests untrusted user text through the #$ARGUMENTS parameter and passes it to the mindmap generation tool. The absence of explicit boundary markers or input sanitization creates a surface for indirect prompt injection, where malicious instructions within the processed data could influence the agent's behavior. (Ingestion points: SKILL.md; Boundary markers: Absent; Capability inventory: markmap-mcp-server tool; Sanitization: Absent.)
Audit Metadata