mermaid-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Detected an indirect prompt injection surface. The skill is designed to process user-provided descriptions to generate diagrams while having access to high-privilege tools. 1. Ingestion points: User-provided diagram requirements in the skill body files (SKILL.md). 2. Boundary markers: Absent; there are no instructions to ignore instructions embedded in user data. 3. Capability inventory: The skill metadata allows 'Bash', 'WebFetch', and file editing tools. 4. Sanitization: Absent; the skill provides no guidance on filtering or escaping user input before processing.
- COMMAND_EXECUTION (SAFE): While the metadata allows the 'Bash' tool, the skill content does not contain any instructions to execute shell commands.
- DATA_EXFILTRATION (SAFE): No patterns for accessing sensitive files (e.g., SSH keys, credentials) or exfiltrating data to external domains were identified.
- EXTERNAL_DOWNLOADS (SAFE): All external links point to official Mermaid documentation and the live editor, which are considered trustworthy sources for this use case.
Audit Metadata