Skills
skills/visualxintelligence/agent-toolkit/mermaid-diagrams/Gen Agent Trust Hub

mermaid-diagrams

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOWNO_CODE
Full Analysis

The skill consists entirely of Markdown files providing documentation and examples of Mermaid diagram syntax. There are no executable scripts or commands intended for the AI agent to run. The skill's instructions are purely informational and educational.

Findings:

  • Unverifiable Dependencies (LOW): The README.md and SKILL.md files mention npm install -g @mermaid-js/mermaid-cli and docker run ... minlag/mermaid-cli as tools for users to render diagrams. These are instructions for the user to install standard, well-known tools for Mermaid, not for the AI agent to execute. The sources (@mermaid-js and minlag/mermaid-cli) are the official or widely accepted CLI tools for Mermaid. This is noted as a low-severity informational finding because it refers to external dependencies, but they are not executed by the agent and are from trusted sources for the stated purpose.

  • Data Exfiltration (INFO): The references/advanced-features.md and references/sequence-diagrams.md files contain examples of Mermaid syntax for creating clickable links (e.g., link A: API Documentation @ https://api.example.com). These are illustrative examples of Mermaid features, not instructions for the AI agent to perform network requests. If a user were to copy and execute this Mermaid code in an environment that automatically follows links, it could lead to external requests. However, this is a user-side risk related to the generated content, not a direct threat from the skill's instructions to the agent.

  • Unverifiable Dependencies (INFO): The references/advanced-features.md file includes an example HTML snippet that imports Mermaid from a CDN (https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs). This is an example of how a user might integrate Mermaid into an HTML file, not an instruction for the AI agent. cdn.jsdelivr.net is a trusted CDN. This is an informational finding.

  • Indirect Prompt Injection (INFO): As a skill that processes user-provided text (Mermaid syntax) to generate diagrams, there's an inherent, general risk of indirect prompt injection if the user's input itself were to contain malicious instructions intended for the LLM. This is a characteristic risk of the skill's function rather than a specific vulnerability in the skill's instructions.

Conclusion:

No critical, high, or medium severity threats were detected. The skill is purely descriptive and does not contain any active components that could pose a security risk to the AI agent or its environment. The identified informational and low-severity findings pertain to user-facing examples or general characteristics of the skill type, not direct vulnerabilities in the skill's instructions to the agent.

Audit Metadata
Risk Level
LOW
Analyzed
Feb 12, 2026, 10:45 PM