whirlybird
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses clear, directive language to define a specific workflow and role. There are no attempts to override system safety guidelines, bypass constraints, or extract internal instructions. The 'MUST DO' and 'MUST NOT DO' sections are strictly related to the logic and formatting of the Mermaid mindmaps.
- [DATA_EXFILTRATION]: The skill does not contain any network operations, such as curl or wget, and does not access sensitive file paths. All data processing is confined to the conversation context.
- [REMOTE_CODE_EXECUTION]: There is no evidence of remote script execution, package installation, or dynamic code evaluation. The Mermaid syntax is used for diagram rendering within a markdown-compatible UI and is not executed as shell code.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or privilege escalation patterns were identified in the instructions or reference files.
- [DATA_EXPOSURE]: No hardcoded credentials, API keys, or private identifiers were found in the skill or its associated references. The metadata correctly points to a public GitHub profile.
Audit Metadata