bicep-diagrams
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to run curl commands. This is used specifically to interact with the Eraser API for diagram rendering and is governed by the Bash(curl:*) permission.
- EXTERNAL_DOWNLOADS (LOW): The skill connects to https://app.eraser.io, which is not on the trusted domain list but is necessary for the skill's intended functionality.
- DATA_EXFILTRATION (LOW): Infrastructure metadata (resource names and types) is extracted from local Bicep files and sent to an external API. This is the primary function of the skill, and the destination is explicit.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes user-provided Bicep files without explicit sanitization.
  - Ingestion points: The skill reads .bicep source files provided by the user.
  - Boundary markers: Absent; the agent is not instructed to ignore commands or role-play instructions potentially embedded in code comments.
  - Capability inventory: Includes Bash(curl:*), Read, and Write permissions.
  - Sanitization: Absent; the skill does not define filters for the resource labels or metadata extracted from the Bicep files before including them in the API payload.
Audit Metadata