mermaid
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The script
tools/validate.shusesnpx -yto download the packages@mermaid-js/mermaid-cliandbeautiful-mermaidduring execution. This creates a dependency on the NPM registry and potentially triggers the download of a headless Chromium browser via Puppeteer, which is a significant external binary. - REMOTE_CODE_EXECUTION (MEDIUM): By using
npx -ywith unpinned package versions, the skill is susceptible to supply chain attacks. If the NPM packages are compromised or if a typo-squatted version is resolved, malicious code would be executed on the host system without user confirmation. - DYNAMIC_EXECUTION (MEDIUM): The validation script contains an inline Node.js snippet that dynamically computes the path to the
beautiful-mermaidmodule using the systemPATHenvironment variable before callingrequire(). This non-standard loading mechanism is brittle and could be exploited if an attacker gains control over environment variables to point to a malicious module location. - COMMAND_EXECUTION (LOW): The skill executes shell commands and a Node.js interpreter using
node -e. While expected for its stated purpose, this provides an execution surface for any instructions injected via the input file if vulnerabilities exist in the parsers.
Audit Metadata