java-mermaid-analyzer
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of instructional Markdown files (SKILL.md) and reference documents. No executable scripts in Python, Node.js, or other languages are provided.
- [PROMPT_INJECTION]: The skill defines a workflow for processing untrusted Java code and specifically requires the extraction of code comments. This presents a surface for indirect prompt injection.
  1. Ingestion points: The 'Code Context' input block in SKILL.md.
  2. Boundary markers: The skill relies on markdown code blocks but does not specify instructions to ignore nested commands.
  3. Capability inventory: The skill is limited to generating text and Mermaid syntax; it has no file system, network, or subprocess execution capabilities.
  4. Sanitization: There is no validation or filtering of the input code or extracted comments.
Audit Metadata