mermaid
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it interpolates untrusted user input ($ARGUMENTS) into its workflow without sanitization or clear boundary markers.
  - Ingestion points: User-provided requirements enter the agent context via the $ARGUMENTS variable at the end of the SKILL.md file.
  - Boundary markers: Absent. There are no delimiters or system instructions used to encapsulate the user input or prevent the agent from interpreting embedded commands within the requirements.
  - Capability inventory: The skill defines allowed-tools as Read, Write, and Edit in SKILL.md. This allows the agent to perform file system operations, which could be exploited if a user provides requirements that trick the agent into writing malicious files or modifying existing ones.
  - Sanitization: Absent. The instructions do not specify any validation or filtering of the input requirements before the agent attempts to generate the diagram code.
Audit Metadata