mermaid-diagrams
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes user-provided content to generate and save files, creating a significant attack surface.
  - Ingestion points: User descriptions and save path requests (SKILL.md).
  - Boundary markers: Absent; there are no instructions for the agent to validate or restrict the file paths.
  - Capability inventory: The 'mcp__mermaid__mermaid_save' tool allows writing data to the host filesystem.
  - Sanitization: Absent; the skill lacks instructions to sanitize paths or diagram content before tool execution.
- Command Execution (MEDIUM): The skill manages external tool execution for file operations. Without strict path anchoring or validation, this capability can be abused to manipulate the host filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata