mind-map
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or safety bypass patterns were found in the main logic or reference files.
- [Data Exposure & Exfiltration] (SAFE): The skill identifies codebase structures by reading package.json or pyproject.toml, which is standard for architectural visualization. It does not target high-value secrets (e.g., .env, .ssh) and has no network capability to exfiltrate data.
- [Indirect Prompt Injection] (SAFE): The skill processes external file content. While this creates an attack surface, the narrow output format (Mermaid) and the strict structural validation in Step 5 (node limits, word counts) prevent the propagation of malicious instructions.
- [Remote Code Execution] (SAFE): No logic exists for downloading or executing remote code. References to external packages in documentation are suggestions for user-side tools and are not executed by the agent itself.