architecture-diagram-creator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core functionality.
  - Ingestion points: SKILL.md Workflow step 1 ("Analyze project (README, code structure)") explicitly instructs the agent to read untrusted external data.
  - Capability inventory: The agent has the capability to write files ([project]-architecture.html) as per Workflow step 5.
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the analyzed project files.
  - Sanitization: No sanitization or escaping of the ingested content is specified, increasing the risk of Cross-Site Scripting (XSS) if script tags are included in the source data, or of instruction hijacking.
Recommendations
- AI detected serious security threats
Audit Metadata