mermaid-studio

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: scripts/render.mjs and scripts/batch.mjs call execSync to run mmdc (the Mermaid CLI), which is the intended mechanism for converting Mermaid DSL into SVG, PNG and PDF. execSync hands its command string to a shell, so this is benign as long as the diagram path and output options placed in that string are fixed or properly quoted; the analysis does not state how the command string is built, so that is the detail to confirm when reviewing the two scripts.
  • [EXTERNAL_DOWNLOADS]: scripts/setup.sh installs the required dependencies from the npm registry (@mermaid-js/mermaid-cli, beautiful-mermaid and mermaid) and uses npx to download a Chromium build through Puppeteer, which mermaid-cli needs for headless rendering. Both steps run code fetched over the network at install time, which is normal for this toolchain; pinning the package versions (or committing a lockfile) keeps the installed code reproducible.
  • [EXTERNAL_DOWNLOADS]: references/aws-architecture.md documents fetching an AWS icon pack from a public GitHub repository (raw.githubusercontent.com/harmalh/aws-mermaid-icons). The fetch targets a static JSON data file used for icon rendering and does not execute remote code. Because the file is served from a third-party repository, referencing a specific commit rather than a branch, and checking the file's hash, keeps a later change to that repository from silently altering what is rendered.
  • [COMMAND_EXECUTION]: Several scripts, including scripts/validate.mjs and scripts/render-ascii.mjs, use dynamic import() to load parsing libraries at runtime. This is ordinary Node.js module loading rather than process execution, and it is the usual way to load heavy parsers only when they are needed; a dynamic import() only becomes a concern when the module specifier is built from untrusted input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:39 PM