doc-mermaid-ascii

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/render.mjs executes the npm root -g command using execSync. This subprocess call is used to discover the global filesystem path for Node.js modules at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill uses dynamic imports (import()) with a computed string path to load the beautiful-mermaid library. Loading executable code from paths determined during execution is a risk factor for runtime exploitation.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to install beautiful-mermaid, which is an external, unverified third-party package. This introduces a dependency from a source that is not included in the pre-approved trusted vendor list.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 09:35 PM