skills/ernesgonzalez33/claude-skill-diagram-generator/doc-flow-diagram-generator/Gen Agent Trust Hub
doc-flow-diagram-generator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection when parsing documentation from external sources.
- Ingestion points: Raw text content is ingested from external URLs via scripts/single_page_parser.py.
- Boundary markers: There are no explicit delimiters or system instructions to treat the analyzed content as untrusted data.
- Capability inventory: The skill has the ability to read from the network and process textual workflows.
- Sanitization: The parser extracts text content without filtering or sanitizing it for embedded instructions.
- [DATA_EXFILTRATION]: The skill performs network operations to arbitrary domains.
- Network operations: The scripts/single_page_parser.py script uses the requests library to fetch content from user-specified URLs, which could be used for Server-Side Request Forgery (SSRF) if targeted at internal infrastructure.
Audit Metadata