detect-diagram-crossings
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were found. The skill operates exclusively on user-provided SVG/HTML files to perform diagram layout validation.\n- [EXTERNAL_DOWNLOADS]: The skill depends on
jsdom, a well-known library for DOM parsing in Node.js. This dependency is declared inpackage.jsonand is sourced from the official NPM registry.\n- [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes external diagram data. \n - Ingestion points: SVG and HTML content is read and parsed by
detect_all.js,detect_all.py, anddetect_crossings.pyusing standard file reading methods.\n - Boundary markers: The scripts do not implement specific boundary markers or instructions to ignore embedded content within the processed files.\n
- Capability inventory: The scripts are restricted to read operations on the input files and mathematical calculations. They output analysis results to the console. No network or file-write capabilities were identified.\n
- Sanitization: The tool reports findings based on SVG coordinates and labels. While it does not sanitize text content, its function is strictly limited to reporting layout metrics, which minimizes the risk of the agent executing embedded instructions.
Audit Metadata