creating-tech-diagrams
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user input (Topic and Title) and interpolates it into diagram prompt templates and filenames.
- Ingestion points: User-provided topics and titles in SKILL.md.
- Boundary markers: None present in PROMPT_TEMPLATE.md to distinguish user content from instructions.
- Capability inventory: The agent is instructed to create and write markdown files in output/tech-diagram/ (SKILL.md Step 9).
- Sanitization: No sanitization or escaping of the user-provided topic is specified, relying on the underlying agent's default safety behavior.
- [Prompt Injection] (SAFE): No malicious instructions were found in the metadata or the body of the skill files.
- [Data Exposure & Exfiltration] (SAFE): The skill only interacts with local project directories and does not attempt to access sensitive system files or make network requests.
- [Obfuscation] (SAFE): No obfuscated code, hidden characters, or suspicious encoding detected.
Audit Metadata