continue-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes diagram content that may originate from untrusted sources or previous sessions without safety boundaries.
  - Ingestion points: The skill uses tools like `get_diagram`, `search_diagrams`, and `list_diagrams` to pull diagram data into the agent's context.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the diagram content as untrusted or to ignore any natural language instructions embedded within the Mermaid code.
  - Capability inventory: The agent has access to powerful tools including `update_diagram`, `delete_diagram`, and `export_diagram` (which notes the use of the Mermaid CLI), which could be targets of a successful injection attack.
  - Sanitization: No sanitization, validation, or filtering of the diagram content is mentioned before the agent reviews or modifies it.
Audit Metadata