034-architecture-diagrams
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the PlantUML utility JAR file from the official GitHub repository (github.com/plantuml/plantuml), which is a well-known and recognized service.
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to download an executable JAR and run it using the 'java -jar' command to validate and render diagrams.
- [COMMAND_EXECUTION]: Executes several system commands including 'mvn validate', 'grep', 'find', and 'docker run' to analyze the codebase and manage diagram generation tools.
- [PROMPT_INJECTION]: Utilizes high-priority instructional markers such as 'MANDATORY', 'CRITICAL SAFETY', and 'IMPORTANT' to enforce strict adherence to the multi-step interactive workflow and validation checks.
- [PROMPT_INJECTION]: Contains a vulnerability surface for indirect prompt injection by processing external project data.
- Ingestion points: Reads Java source files, SQL DDL, and migration scripts from the local codebase through 'codebase_search' and 'read_file' (referenced in references/034-architecture-diagrams.md).
- Boundary markers: Does not implement specific delimiters or 'ignore' instructions to separate untrusted codebase content from the agent's internal logic.
- Capability inventory: Has access to shell command execution (Maven, Java, Docker) and file system read/write operations across multiple files.
- Sanitization: Lacks explicit validation or sanitization steps for content extracted from the analyzed project before it is used to generate PlantUML syntax.
Audit Metadata