033-architecture-diagrams

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run ./mvnw validate or mvn validate to ensure the project is in a valid state before processing.
  • [COMMAND_EXECUTION]: Uses shell commands like grep and find to analyze project structure, dependencies, and database access patterns.
  • [EXTERNAL_DOWNLOADS]: Fetches the PlantUML executable (plantuml.jar) from the official project repository on GitHub for diagram rendering.
  • [EXTERNAL_DOWNLOADS]: Includes external configuration for C4 model diagrams from the plantuml-stdlib GitHub organization.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded plantuml.jar using the java -jar command to validate syntax and generate image files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted codebase data.
    • Ingestion points: Java source code (.java), Maven/Gradle configuration (pom.xml, build.gradle), and SQL schema files (.sql) accessed via codebase search tools.
    • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when reading project files.
    • Capability inventory: Significant capabilities including shell command execution (mvn, grep) and binary execution (java -jar).
    • Sanitization: There is no evidence of sanitization or validation of content retrieved from project files before it influences agent actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 05:55 PM