api-flow-diagram-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's architecture allows it to ingest untrusted data (API definitions and flow descriptions) while possessing high-privilege capabilities (Bash, Write, Edit). Without explicit boundary markers or sanitization, an attacker could embed malicious commands in an API specification that the agent would then execute.
    * Ingestion points: File SKILL.md implies processing of external 'api flow diagram' content.
    * Boundary markers: None identified.
    * Capability inventory: Bash, Write, Edit, Read, Grep tools enabled.
    * Sanitization: No sanitization or validation logic is defined.
  • Command Execution (HIGH): The inclusion of the 'Bash' tool in 'allowed-tools' allows for direct system interaction. In the event of a successful prompt injection, this tool can be leveraged to execute arbitrary shell commands, leading to full system compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:47 AM