mermaid-visualizer
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No security issues were detected. The skill contains Markdown-based instructions and does not include scripts, binaries, or requests for external resources.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input to generate diagrams, which is a common surface for indirect prompt injection.
- Ingestion points: SKILL.md instructs the agent to analyze user-provided text content to identify concepts, relationships, and flows for diagram generation.
- Boundary markers: Absent. There are no instructions or delimiters provided to the agent to prevent the interpretation of malicious instructions embedded within the user text.
- Capability inventory: None. The skill does not use subprocesses, file-system writing, network calls, or dynamic execution (eval/exec).
- Sanitization: Absent. The skill provides extensive rules for Mermaid syntax validation (e.g., in references/syntax-rules.md) to prevent rendering errors, but does not provide security-focused sanitization of the input content.
Audit Metadata