Skills
skills/sugarforever/01coder-agent-skills/diagram-to-image/Gen Agent Trust Hub

diagram-to-image

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external commands and local scripts to perform conversions.
  • Runs the mmdc (Mermaid CLI) tool to render diagrams to PNG/SVG.
  • Executes a local Python utility scripts/table_to_image.py for Markdown table rendering.
  • Uses shell commands like cat with heredocs and ls for file management.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing legitimate, well-known dependencies.
  • References @mermaid-js/mermaid-cli from the official npm registry.
  • References the pillow image processing library via pip.
  • [PROMPT_INJECTION]: The skill processes untrusted user input which constitutes an indirect prompt injection surface.
  • Ingestion points: User-provided Mermaid diagram definitions and Markdown table strings processed in SKILL.md and scripts/table_to_image.py.
  • Boundary markers: Employs heredoc delimiters (DIAGRAM_EOF, TABLE_EOF) to isolate user content from shell command execution during temporary file creation.
  • Capability inventory: File system access (reading diagrams, writing images), directory discovery (ls), and subprocess execution (mmdc, python3).
  • Sanitization: The Python script uses regular expressions to validate table structure but does not sanitize the text content rendered into the final image pixels.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 08:40 AM