mermaid-architect

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
COMMAND_EXECUTION

Full Analysis

The skill mermaid-architect provides instructions for generating Mermaid diagrams. The SKILL.md file contains a direct instruction to execute a bash command:

scripts/validate-mmd assets/examples/*.mmd

This instruction, found in the 'Validation' section of SKILL.md, constitutes a COMMAND_EXECUTION threat. The scripts/validate-mmd script is a local dependency whose contents are not provided in the analysis context. Therefore, its behavior is unknown and cannot be audited. The ability to execute arbitrary shell commands is a high-severity security vulnerability, as a malicious or compromised script could perform unauthorized actions.

No other threats were detected across the provided files (SKILL.md, _meta.json, references/syntax-guide.md). There were no signs of prompt injection, data exfiltration, obfuscation, privilege escalation, persistence mechanisms, metadata poisoning, or time-delayed attacks. The _meta.json file references the skill's own GitHub commit, which is not considered an external unverifiable dependency in the malicious sense. The references/syntax-guide.md file contains only informational content and Mermaid code examples, which are data and not executable code within the skill's context.

Recommendations
  • AI detected serious security threats

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 13, 2026, 09:45 AM