workflow-erd

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted text from PRDs and functional specifications to generate output without sanitization or boundary markers.
    • Ingestion points: Documentation files including SPEC and PRD files are read from the project directory as specified in the 'Input analysis' section of SKILL.md.
    • Boundary markers: The instructions do not provide delimiters or negative constraints to ensure the agent ignores instructional content potentially hidden within the source documents.
    • Capability inventory: The skill performs file system read operations on project documentation and write operations to create Mermaid (.mmd) files and update the AGENTS.md file.
    • Sanitization: No validation or escaping logic is defined for the content extracted from external specifications before it is used for modeling.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 04:00 AM