diagram
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the Google Gemini API to perform diagram generation and quality assessments. These operations are conducted with a well-known and trusted service provider.
- [COMMAND_EXECUTION]: The skill provides a command-line script (
scripts/generate_diagram.py) for orchestrating the diagram generation process. This script handles API communication, multi-turn chat state for refinement, and file system operations for saving image outputs. - [PROMPT_INJECTION]: The skill processes untrusted user inputs (text and images) which are interpolated into prompts for external AI models.
- Ingestion points: The
promptandinput_imageparameters processed inscripts/generate_diagram.py. - Boundary markers: The script employs clear structural labels (e.g., 'USER REQUEST', 'USER EDIT REQUEST', 'ORIGINAL REQUEST') to delimit user content for the models.
- Capability inventory: The skill is authorized to use Read, Write, Edit, and Bash tools to manage diagram files and execute the local generation logic.
- Sanitization: No explicit sanitization or filtering of the user-supplied prompts is performed before they are sent to the AI models.
- [SAFE]: The skill follows recommended security practices by using environment variables for API key configuration and maintaining detailed logs of its operations. No patterns of obfuscation, persistence, or privilege escalation were identified.
Audit Metadata