architecture-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill operates locally to generate architectural diagrams. It reads from its own internal reference files (icons.md, layout-patterns.md) and populates an HTML template. It does not perform network requests or access sensitive user data.
- [EXTERNAL_DOWNLOADS]: The documentation suggests the manual installation of Playwright and Chromium to support optional rendering functionality. These are recognized developer tools provided by a well-known vendor.
- [PROMPT_INJECTION]: The skill has a surface for indirect injection as it parses user-provided component descriptions to populate HTML labels. Ingestion points: User-supplied architecture details (SKILL.md). Boundary markers: None. Capability inventory: Writing HTML files to the local working directory. Sanitization: No explicit escaping logic is provided in the asset template. The risk is limited to the integrity of the generated artifact.
Audit Metadata