Skills
skills/jaganpro/claude-code-sfskills/sf-diagram-nanobananapro/Gen Agent Trust Hub

sf-diagram-nanobananapro

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation instructions and prerequisite script (scripts/check-prerequisites.sh) recommend installing the uv tool via a piped shell script from https://astral.sh/uv/install.sh. This originates from the official domain of a well-known technology provider for Python tooling.
  • [COMMAND_EXECUTION]: The Python script scripts/generate_image.py uses subprocess.run to call the macOS open utility. This is intended for displaying generated PNG files in the system's default image viewer.
  • [PROMPT_INJECTION]: The skill provides automated Apex and LWC code reviews, which ingest untrusted source code into LLM prompts. This presents an indirect prompt injection surface.
  • Ingestion points: Salesforce source code provided by the user is passed into prompts defined in assets/review/apex-review.md and assets/review/lwc-review.md.
  • Boundary markers: The prompts use textual labels like 'CODE:' or 'JAVASCRIPT:' to demarcate input data from instructions.
  • Capability inventory: The skill can execute terminal commands via the gemini CLI and open local files using system utilities.
  • Sanitization: Source code is interpolated directly into templates without structural validation or escaping mechanisms.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 02:21 PM