diagram-generator
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/main.cjs uses child_process.spawn to execute a local script generate.mjs within the skill's directory structure. This facilitates the delegation of complex diagramming logic to a specialized helper file.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Local codebase files are scanned using Read, Glob, and Grep tools to identify architectural patterns and relationships.
  - Boundary markers: No specific delimiters or directives are used to separate the content of the analyzed files from the model's instructions.
  - Capability inventory: The skill has broad read/write access to the filesystem and can execute local Node.js scripts via spawn.
  - Sanitization: There is no evidence of content sanitization or validation for the data extracted from the project codebase before it is processed by the underlying model for diagram generation.
Audit Metadata