skills/jeremylongshore/claude-code-plugins-plus-skills/mermaid-class-diagram-generator/Gen Agent Trust Hub
mermaid-class-diagram-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHNO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection due to its broad capabilities combined with the processing of untrusted user input.\n
- Ingestion points: Processes untrusted data via user requests for 'mermaid class diagram' generation and visual content support in the file SKILL.md.\n
- Boundary markers: No boundary markers, delimiters, or 'ignore instructions' warnings are present to isolate user-supplied data from the agent's instruction context.\n
- Capability inventory: The skill requests access to the
Bash,Write,Edit,Read, andGreptools across all potential operations.\n - Sanitization: There is no evidence of input validation, escaping, or filtering to prevent malicious content in the user prompts from interacting with the high-privilege tools.\n- [No Code] (SAFE): The provided skill consists solely of markdown documentation and metadata; no executable scripts, packages, or obfuscated payloads were found.
Recommendations
- AI detected serious security threats
Audit Metadata