create-mermaid-diagrams
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the mmdc (Mermaid CLI) tool to validate and render diagrams. This is a standard operation for the skill's stated purpose and targets a well-known utility.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external markdown files provided as input.
  - Ingestion points: The skill reads external markdown files (e.g., <input.md>) to find and validate Mermaid blocks (SKILL.md).
  - Boundary markers: The instructions do not specify any boundary markers or instructions to ignore embedded commands within the processed files.
  - Capability inventory: The skill can execute the mmdc command, write files to the /tmp/ directory, and read the CLI output to perform iterative repairs on the diagram syntax.
  - Sanitization: There is no sanitization or filtering of the input markdown content before it is processed by the CLI tool or analyzed by the agent for repair strategies.
Audit Metadata