diagrams
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is entirely declarative and provides only instructions and templates for diagram creation. No executable scripts, shell commands, or malicious patterns were identified across any of the reference files.
- [EXTERNAL_DOWNLOADS]: The skill references external URLs for Vega-Lite schemas and Markdown Viewer documentation. These are well-known technology resources used for legitimate configuration and documentation purposes and do not contribute to a negative verdict.
- [PROMPT_INJECTION]: The skill ingests user input to generate diagram code (Indirect Prompt Injection surface). Evidence chain: 1. Ingestion points: User requests describing systems or data in the agent context. 2. Boundary markers: Instructions mandate wrapping output in specific code fences or structured HTML tags. 3. Capability inventory: No subprocess calls, file-writes, or network operations are defined in the skill files. 4. Sanitization: The skill emphasizes adherence to strict syntax rules and JSON schemas to ensure structural integrity.
Audit Metadata