c4-model
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists exclusively of markdown documentation, architectural guidelines, and templates for Mermaid and Structurizr DSL. No executable scripts, binaries, or network-active components were detected.
- [NO_CODE]: No code or scripts are included in the provided files.
- [PROMPT_INJECTION]: The skill includes instructions for a workflow involving scanning local project files (such as package.json, pom.xml, go.mod, and Dockerfile) to identify architectural containers and components. This ingestion of untrusted codebase data creates an indirect prompt injection surface. However, this functionality is essential to the skill's primary purpose and no malicious patterns or bypass attempts were identified.
- Ingestion points: Local project configuration files and directory structures (referenced in SKILL.md).
- Boundary markers: Absent.
- Capability inventory: Agent's inherent file-read and directory scanning capabilities.
- Sanitization: Absent.
Audit Metadata