aws-architecture-diagram
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: References the 'defusedxml' Python package and the draw.io desktop application as external dependencies for secure XML parsing and file export.
- [COMMAND_EXECUTION]: Utilizes the Bash tool to run local vendor-supplied Python scripts and the draw.io CLI for diagram validation, badge alignment, and format conversion (PNG/SVG/PDF).
- [DATA_EXFILTRATION]: Generates preview links by sending diagram data to the well-known 'app.diagrams.net' service, which is a documented and intended feature for user convenience.
- [PROMPT_INJECTION]: Implements codebase scanning functionality to identify infrastructure components in files like CloudFormation and Terraform. This data ingestion is scoped strictly to extracting service names and relationships for visualization purposes.
Audit Metadata