mermaid-render
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The
render.shscript executes themmdc(Mermaid CLI) andimgcatcommands. The script uses Bash arrays (MMDC_ARGS) to handle parameters, which prevents shell injection vulnerabilities by ensuring arguments are not parsed as commands. - [EXTERNAL_DOWNLOADS]: The skill references the
@mermaid-js/mermaid-cliNode.js package. This is a well-known technology used for diagram rendering and is considered a trusted source. - [INDIRECT_PROMPT_INJECTION]: The skill processes diagram definitions stored in
.mmdfiles. It includes the following security context: - Ingestion points: Reads diagram content from files (e.g.,
/tmp/mermaid-diagram.mmdor user-specified paths) inrender.shandSKILL.md. - Boundary markers: None explicitly defined for the diagram content itself.
- Capability inventory: The skill can write files, execute the
render.shscript, and runmmdcvia Bash. - Sanitization: Command-line arguments are sanitized via array interpolation in the shell script, limiting the exploitability of the processing pipeline.
Audit Metadata