skill-mermaid-diagrams

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/generate.mjs and scripts/validate.mjs files use execSync to invoke the Mermaid CLI (mmdc). The paths passed to these commands are built from the --out and --dir arguments with template literals and handed to a shell without any escaping or sanitization. A directory path containing shell metacharacters (e.g., ;, &, |, $(...)) therefore terminates the mmdc command and runs whatever follows as a separate shell command. The fix is to avoid the shell entirely (execFileSync with an argument array) and to reject or normalize paths before use.
  • [REMOTE_CODE_EXECUTION]: Because the injected text runs with the privileges of the process invoking the script, the unsanitized rendering path is a direct route to arbitrary code execution on the host. It is remote only where an untrusted party can set the --out or --dir values; in an agent skill that includes the case where the agent takes those values from content it was asked to process.
  • [EXTERNAL_DOWNLOADS]: The scripts/install-deps.sh script downloads and installs the @mermaid-js/mermaid-cli package from the npm registry. While this is a well-known service, the operation involves executing code from an external source.
  • [PROMPT_INJECTION]: The skill processes untrusted content from chapters to generate diagram labels. These labels are interpolated into Mermaid templates without sanitization. Although a validation function exists to check for characters that could break Mermaid syntax, it only produces warnings and does not prevent the generation of source files containing potentially malicious payloads.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 20, 2026, 10:25 AM