azure-diagrams
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The script
scripts/ascii_to_diagram.pyparses markdown files to extract ASCII diagrams. This data ingestion is a known surface, but the script implements security controls including strict file extension validation and regex-based filename sanitization. - Ingestion points: Markdown files read from the local directory by
scripts/ascii_to_diagram.py. - Boundary markers: Extracted ASCII content is clearly delimited within the generated report for the agent.
- Capability inventory: The script is limited to file reading and report generation; it does not execute the extracted content.
- Sanitization: Filenames are sanitized via regex, and input is limited to .md and .markdown files.
- External Downloads (SAFE): The skill recommends installing standard, well-maintained packages (
diagrams,matplotlib) and the Graphviz system utility. No suspicious third-party repositories or unverifiable binary downloads are referenced. - Command Execution (SAFE): The provided scripts use standard Python library calls for environmental checks and file operations. No dangerous subprocess calls or privilege escalation attempts were identified.
Audit Metadata