Skills
skills/nateberkopec/dotfiles/beautiful-mermaid/Gen Agent Trust Hub

beautiful-mermaid

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the beautiful-mermaid and shiki packages from the NPM registry. The core functionality is provided by the beautiful-mermaid library, hosted on a public GitHub repository.
  • [COMMAND_EXECUTION]: The documentation includes a Fish shell integration example that is vulnerable to command injection. It uses an unsanitized shell variable ($argv[1]) within a node -e execution string. An attacker providing a filename containing shell metacharacters or JavaScript escape sequences (e.g., ' + process.exit() + ') could execute arbitrary code when the function is invoked.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and rendering untrusted diagram definitions.
  • Ingestion points: Mermaid diagram strings passed to the renderMermaid and renderMermaidAscii functions in SKILL.md.
  • Boundary markers: Absent; inputs are interpolated directly into the rendering engine.
  • Capability inventory: The provided usage patterns include file system read/write operations (fs.readFileSync, fs.writeFileSync), console logging, and web server response handling (res.send).
  • Sanitization: Absent; the library's documentation explicitly states that it does not perform syntax validation on diagram inputs.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 4, 2026, 02:08 PM