mermaid

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill contains no instructions attempting to override system prompts, bypass safety guidelines, or extract system instructions. The content is purely instructional for Mermaid diagram syntax.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. URLs included in the files are for official documentation (e.g., mermaid.js.org, mermaid.ai) or used as standard placeholders (e.g., contoso.com, github.com) within diagram examples.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): There are no commands for installing external packages (npm, pip) or executing remote scripts. The skill relies entirely on standard Mermaid rendering capabilities.
  • Obfuscation (SAFE): No use of Base64 encoding, zero-width characters, homoglyphs, or other techniques to hide malicious intent was found.
  • Indirect Prompt Injection (SAFE): While the skill defines how to process data into diagrams, it does not provide a mechanism for ingesting untrusted external data that could lead to injection. The examples provided are static templates for the agent to follow.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:57 PM