mermaid-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx -y @mermaid-js/mermaid-cli@latest to download and execute the Mermaid CLI during the verification step. This fetches the official tool from the npm registry, a well-known service, and is needed to validate the syntax of the generated diagram. Note that the @latest tag is not a pinned version: it resolves to whatever version is current at run time, so the code executed is not fixed by the skill itself.
- [COMMAND_EXECUTION]: Shell commands are used to manage the environment and run the diagram generator, including mkdir for directory creation and mmdc/npx for rendering. These commands are directly tied to the skill's primary purpose and operate within the figures/ directory.
- [PROMPT_INJECTION]: The skill ingests user requirements to generate diagram code, which is an indirect prompt injection surface. However, the instructions mandate a strict 6-step workflow and a detailed manual review process that the agent must follow, providing a structured framework that reduces the likelihood of a successful injection.
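As an added example, not code from the skill or from the audit, the following POSIX shell wrapper shows the two checks a practitioner would want around the rendering step described above: the Mermaid CLI version is pinned instead of resolved via @latest, and the output path is refused unless it stays inside figures/. The function names, the FIGURES_DIR default and the requirement to set MERMAID_CLI_VERSION to a reviewed version are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the skill's own code): hardened wrapper for the
# verification/rendering step. Assumes figures/ is the output directory
# and that MERMAID_CLI_VERSION is set to an exact, reviewed version.

FIGURES_DIR="${FIGURES_DIR:-figures}"

# Returns 0 if the given relative path stays inside FIGURES_DIR, 1 otherwise.
# Rejects absolute paths, any ".." component and bare directory names, so a
# diagram name derived from untrusted requirements cannot escape figures/.
figure_path_ok() {
  p="$1"
  case "$p" in
    /*) return 1 ;;                    # absolute path
    */) return 1 ;;                    # directory, no file name
  esac
  case "/$p/" in
    */../*) return 1 ;;                # parent-directory traversal
  esac
  case "$p" in
    "$FIGURES_DIR"/*) return 0 ;;      # must live under figures/
    *) return 1 ;;
  esac
}

# Renders $1 (a .mmd file) to $2 (an image path under figures/) with a
# pinned CLI version. -i and -o are mmdc's input/output flags.
render_diagram() {
  in="$1"
  out="$2"
  figure_path_ok "$out" || {
    echo "refusing to write outside $FIGURES_DIR: $out" >&2
    return 1
  }
  # Hypothetical requirement: the caller pins the version, never @latest.
  : "${MERMAID_CLI_VERSION:?set MERMAID_CLI_VERSION to an exact, reviewed version}"
  mkdir -p "$FIGURES_DIR"
  npx -y "@mermaid-js/mermaid-cli@${MERMAID_CLI_VERSION}" -i "$in" -o "$out"
}
```

The path check runs before anything is downloaded, so a bad output name fails closed without touching the network; the version guard makes an unpinned invocation an error rather than a silent download of whatever is current.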
Audit Metadata