workflow-visualizer
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, data exfiltration, or unauthorized command execution detected. The skill focuses on parsing user input and generating static HTML/JS content.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user workflow descriptions to create diagrams.
  1. Ingestion points: User input provided via triggers in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Generation of self-contained HTML and JavaScript files (SKILL.md).
  4. Sanitization: Absent; the skill instructions do not specify HTML entity encoding or input validation.
- [DYNAMIC_EXECUTION]: The skill generates inline JavaScript for diagram interactivity. This is a legitimate and expected behavior for its primary purpose and does not involve executing code on the host system.