mermaid-mcp
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process requires the global installation of the
@narasimhaponnada/mermaid-mcp-serverpackage from the npm registry. This package originates from an unverified third-party developer. - [REMOTE_CODE_EXECUTION]: The skill configuration requires the agent to execute a JavaScript file (
index.js) located within the downloaded third-party package using the Node.js runtime. This execution of unverified external code represents a significant security risk. - [COMMAND_EXECUTION]: The setup instructions involve the execution of several shell commands, including
npm install,npm root, and the spawning ofnodeprocesses to run the MCP server. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted diagram code (Mermaid syntax) through its tools.
- Ingestion points: Data enters through the
generateDiagramandvalidateDiagramtools defined in SKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the tool definitions.
- Capability inventory: The skill possesses file-writing capabilities (rendering SVGs) and syntax validation as described in the tools table.
- Sanitization: There is no evidence of input sanitization or validation of the Mermaid syntax before it is processed by the external server.
Recommendations
- AI detected serious security threats
Audit Metadata