uml-diagram
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external MCP server source code repository located at github.com/antoinebou12/uml-mcp to facilitate its core functionality.
- [DATA_EXFILTRATION]: Diagram source code is sent to the public kroki.io service for processing and rendering. The skill explicitly documents this behavior and provides a guardrail warning users to avoid including sensitive data or to use a local server instance for confidential information.
- [COMMAND_EXECUTION]: The generate_uml tool provides the capability to write rendered diagram files to the local file system using the output_dir parameter, which is a standard feature for this type of utility.
- [PROMPT_INJECTION]: While the skill ingests user-provided diagram code, it lacks instructions that would allow for agent behavioral overrides or safety bypasses, focusing strictly on diagram syntax and rendering.
Audit Metadata