Trust Assessment
beautiful-mermaid received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Dynamic package installation using child_process.execSync, Unversioned dynamic dependency installation, Unsanitized user-provided SVG embedded in HTML for local browser rendering.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b0e00ad). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user-provided SVG embedded in HTML for local browser rendering The `scripts/create-html.ts` script takes an SVG file (generated from user-provided Mermaid code by `scripts/render.ts`) and directly embeds its content into an HTML file. This HTML file is then opened by the `agent-browser` skill using `file://$(pwd)/diagram.html`. If the `beautiful-mermaid` library (used by `render.ts`) does not sufficiently sanitize the Mermaid input to prevent embedded JavaScript (e.g., `<script>` tags, `onload` attributes, or other SVG-based XSS vectors), an attacker could craft malicious Mermaid code. When `agent-browser` opens this local HTML file, the embedded JavaScript would execute with local file system access privileges (due to the `file://` protocol), potentially leading to data exfiltration, local file manipulation, or other severe compromises of the agent's environment. 1. **Strict SVG Sanitization**: Ensure the `beautiful-mermaid` library (or a post-processing step) rigorously sanitizes the generated SVG to remove all potentially executable content (e.g., `<script>` tags, `on*` event handlers, `javascript:` URLs, external references). Consider using a dedicated SVG sanitization library. 2. **Sandbox `agent-browser`**: If possible, configure `agent-browser` to open local files in a highly restricted sandbox environment that prevents local file system access or network requests from the rendered content. 3. **Content Security Policy (CSP)**: Implement a strict Content Security Policy in the generated HTML to mitigate XSS risks, though this might be less effective for `file://` URLs depending on browser implementation. | LLM | scripts/create-html.ts:120 | |
| HIGH | Dynamic package installation using child_process.execSync The `ensurePackage` function in `scripts/render.ts` uses `child_process.execSync` to install missing dependencies (`bun add` or `npm install`) when running in Node.js or Bun environments. While the package name (`beautiful-mermaid`) is hardcoded, using `execSync` for dynamic installation is a dangerous practice. If the environment variables influencing `npm`/`bun` were compromised, or if the command string were ever to be constructed with untrusted input, it could lead to arbitrary command execution. This also introduces a dependency on external package managers being present and correctly configured. Avoid dynamic package installation at runtime using shell commands. All dependencies should be declared in `package.json` (or equivalent for Bun/Node) and installed during a secure setup phase. If dynamic loading is absolutely necessary, use safer methods that do not involve shell execution, or at least ensure strict validation and sandboxing. | LLM | scripts/render.ts:160 | |
| HIGH | Unversioned dynamic dependency installation The `ensurePackage` function in `scripts/render.ts` attempts to install the `beautiful-mermaid` package if it's not found, using `bun add beautiful-mermaid`, `npm install beautiful-mermaid`, or Deno's `npm:` specifier. This installs the *latest* available version of the package. This practice introduces a significant supply chain risk, as a malicious update to `beautiful-mermaid` (or any of its dependencies) could be automatically pulled and executed by the agent without review, potentially compromising the agent's environment or data. Pin all dependencies to specific versions in a `package.json` (or equivalent) file. Ensure dependencies are installed and audited during a secure build process, not dynamically at runtime. | LLM | scripts/render.ts:150 |
Scan History
Embed Code
[](https://skillshield.io/report/a758e75812c8061b)
Powered by SkillShield