security-threat-modeler
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted system descriptions. 1. Ingestion points: system-architecture and data-flow-diagram inputs (SKILL.md). 2. Boundary markers: Absent; no delimiters are used to separate input from instructions. 3. Capability inventory: Ability to create files (SKILL.md side_effects). 4. Sanitization: Absent; no validation or escaping of external content is specified.
- [NO_CODE]: The skill consists exclusively of markdown documentation and reference templates; no executable scripts or code dependencies are present.
Audit Metadata