skills/boazy/skills/d2-diagrams/Gen Agent Trust Hub

d2-diagrams

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Installation instructions include a command to pipe a remote script from https://d2lang.com/install.sh directly to a shell. This resource belongs to the official D2 diagramming project.
  • [EXTERNAL_DOWNLOADS]: Utilizing the tool to generate PNG outputs triggers a one-time download of a bundled Chromium browser (~140MB) from the official D2 distribution sources.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute d2 CLI commands for rendering, watching, and styling diagram files.
  • [PROMPT_INJECTION]: The skill processes untrusted data from .d2 files, creating a surface for indirect prompt injection.
    • Ingestion points: The skill reads .d2 files using the Read tool.
    • Boundary markers: There are no specific instructions or delimiters used to isolate diagram syntax from potential instructions.
    • Capability inventory: The skill has access to the Bash tool for running D2 and the Write tool for file creation.
    • Sanitization: No evidence of sanitization or validation of the input D2 syntax.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 01:44 AM