Skills
skills/dev-goraebap/skills/usecase-diagram-gen/Gen Agent Trust Hub

usecase-diagram-gen

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the pdf-parse package from the NPM registry as defined in scripts/package.json. This dependency is fetched from a well-known service.
  • [COMMAND_EXECUTION]: Uses Bash to execute npm install for dependency management and node to run the extract_pdf_text.js utility script for text extraction.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface (Category 8).
  • Ingestion points: Reads content from external .pdf, .txt, and .md files provided by users.
  • Boundary markers: Absent. The skill does not wrap extracted text in delimiters or provide 'ignore instructions' warnings to the agent.
  • Capability inventory: Bash (npm/node), Read (file system access), and Write (generating workspace files).
  • Sanitization: Absent. Extracted text is used directly for analysis without validation or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 12:27 PM