arch-diagram

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's workflow in Step 6 explicitly directs the agent to search for "connection" strings and "https://api." string literals within the repository code. While intended to identify architectural dependencies, these searches often return hardcoded secrets such as database passwords or API keys. There are no instructions provided to the agent to mask or sanitize these values before including them in the final diagram output.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by ingesting and processing untrusted repository content to generate diagrams. Ingestion points: The agent reads repository content through repo_map, search, and outcome_progress tools called in SKILL.md. Boundary markers: No delimiters or warnings are provided to the agent to ignore instructions embedded within the codebase being analyzed. Capability inventory: The agent uses read-access tools (repo_map, search, list_roots, outcome_progress) which could be used to gather and summarize sensitive data if triggered by a hidden instruction in the source code. Sanitization: No sanitization or validation of the ingested repository content is mentioned in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 11:52 AM