arch-diagrams
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'openclaw' command-line interface to perform diagram generation and editing tasks based on user input.
- [DATA_EXFILTRATION]: The skill performs network operations to 'api.openclaw.ai' to facilitate diagram rendering and processing.
- Evidence: Python and CLI examples in 'SKILL.md' demonstrate POST requests to the 'openclaw.ai' domain.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) by processing untrusted data to generate visual diagrams.
- Ingestion points: The '--input' and 'description' fields in the CLI and API calls documented in 'SKILL.md'.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The skill can write files to the local system using the '--output' flag and make external network requests.
- Sanitization: There is no documented validation or sanitization of the input text before it is processed by the rendering engine.
Audit Metadata