uml-diagramming
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override system prompts were detected. The skill uses standard instructional language to define its diagramming capabilities.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. Resource URIs (e.g., uml://types) refer to internal agent capabilities.
- Obfuscation (SAFE): No evidence of Base64 encoding, zero-width characters, or other hidden content was found in the markdown or reference files.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install external packages or execute remote scripts. It provides instructions for interacting with a specific generate_uml tool, which is a defined capability for the agent environment.
- Indirect Prompt Injection (SAFE): While the skill processes user-provided descriptions to generate diagram code, it enforces strict output formatting (code blocks only) and maps inputs to specific diagram syntax, minimizing the surface for prompt injection attacks.
  - Ingestion points: User descriptions and specifications (SKILL.md).
  - Boundary markers: Output is explicitly restricted to a single code block.
  - Capability inventory: Text generation and generate_uml tool execution.
  - Sanitization: Instructions require mapping input to specific structural diagram formats.
Audit Metadata