mermaid
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill documentation facilitates the use of the
mmdccommand-line tool. Running this tool requires the agent to execute shell commands with user-defined input/output file paths, which could be exploited for command injection if not properly sanitized.\n- REMOTE_CODE_EXECUTION (LOW): Documentation inmermaid-cli/already-installed-chromium.mdexplains how to set theexecutablePathfor Puppeteer. This setting allows the execution of an arbitrary binary, which is a potential risk if the configuration file is controlled by an attacker.\n- PROMPT_INJECTION (LOW): Mermaid diagram syntax allows for user-defined text in nodes and labels. This acts as a surface for indirect prompt injection, where an attacker could embed instructions intended for the AI agent.\n- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing the@mermaid-js/mermaid-clipackage. As themermaid-jsorganization is not on the predefined list of trusted entities, this represents an unverifiable external dependency.
Audit Metadata