Skills
skills/lwlee2608/agent-skills/ascii-diagram/Gen Agent Trust Hub

ascii-diagram

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands (awk, grep) to inspect file content. This provides a direct interface to system utilities for text processing.
  • [PROMPT_INJECTION]: The skill contains an Indirect Prompt Injection surface (Category 8) because it processes untrusted inputs within shell commands.
  • Ingestion points: Diagram content and session 'context' strings provided in the prompt (SKILL.md).
  • Boundary markers: None are present to isolate user data from the command execution flow.
  • Capability inventory: Uses the 'Write' tool and 'bash' execution environment.
  • Sanitization: No validation or escaping is applied to the context string or diagram data, allowing for potential command injection if malicious strings are used for the file path. Mitigations include using random file names and avoiding shell-based inspection of untrusted content.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 03:32 AM