bmorphism-diagrams
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill performs multiple shell executions of the duckdb binary. The example workflow demonstrates fetching content into a variable ($DIAGRAM) and suggests using it in subsequent calls without any sanitization or escaping.
  - Evidence: Use of backticks for shell execution in the 'Example Workflow' and 'Interleaving Protocol' sections.
- [DATA_EXFILTRATION] (MEDIUM): The skill requires direct access to ~/mermaid_diagrams.duckdb. Reading from the home directory provides an attack surface for exposing local data if the database or the paths are manipulated to target sensitive files (e.g., .ssh or .aws credentials) via SQL functions or path traversal.
  - Evidence: Hardcoded path to ~/mermaid_diagrams.duckdb used in multiple shell commands.
- [PROMPT_INJECTION] (MEDIUM): This skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from an external database and renders it via a mermaid tool without boundary markers or sanitization.
  - Ingestion points: ~/mermaid_diagrams.duckdb (file access via DuckDB).
  - Boundary markers: Absent; the content is retrieved and used directly.
  - Capability inventory: Shell command execution (duckdb) and tool execution (mermaid).
  - Sanitization: Absent; database content is treated as trusted executable code/markup.
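The COMMAND_EXECUTION and DATA_EXFILTRATION findings share one root cause: text read from the database is spliced into shell command strings and SQL text. The script below is an added example written for this page, not code from the bmorphism-diagrams skill or from the audit. It uses a constructed diagram string carrying a shell command substitution, `cat` as a stand-in for the mermaid renderer, and an in-memory sqlite3 database as a stand-in for DuckDB (assumption: DuckDB's Python `execute()` accepts the same `?` placeholders as sqlite3). It shows the interpolation pattern executing the embedded command and an injected SQL predicate, beside the hardened forms.

```python
"""Added example (not from the audited skill): unescaped interpolation of
database content into shell and SQL strings, beside the safe pattern."""
import shlex
import sqlite3
import subprocess

# Constructed untrusted row: a "mermaid diagram" whose node label carries a
# shell command substitution. Anyone who can write to the database, or replace
# the .duckdb file on disk, controls this string.
MALICIOUS_DIAGRAM = "graph TD; A[Start] --> B[$(echo INJECTED)]"

# Constructed untrusted lookup key: a classic tautology injection.
INJECTED_NAME = "x' OR '1'='1"


def render_unsafe(diagram: str) -> str:
    """Vulnerable: mirrors building a command line around $DIAGRAM.
    The shell parses the diagram text, so $(...) inside it runs."""
    cmd = f'printf "%s" "{diagram}" | cat'  # 'cat' stands in for the renderer
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def render_safe(diagram: str) -> str:
    """Hardened: hand the content to the tool on stdin via an argv list.
    No shell ever sees the diagram, so metacharacters are inert."""
    return subprocess.run(["cat"], input=diagram, capture_output=True, text=True).stdout


def render_quoted(diagram: str) -> str:
    """If a shell string is unavoidable, quote the untrusted value so the
    shell treats it as one literal word."""
    cmd = f"printf '%s' {shlex.quote(diagram)} | cat"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for ~/mermaid_diagrams.duckdb (assumption: sqlite3
    in place of DuckDB; the placeholder syntax is the same)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE diagrams (name TEXT, source TEXT)")
    conn.executemany(
        "INSERT INTO diagrams VALUES (?, ?)",
        [("arch", "graph LR; A --> B"), ("secret", MALICIOUS_DIAGRAM)],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the lookup key is concatenated into the SQL text, so an
    attacker-chosen name rewrites the WHERE clause (and, in an engine with
    file-reading functions, can pull arbitrary files into the result)."""
    return conn.execute(
        f"SELECT source FROM diagrams WHERE name = '{name}'"
    ).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: bind the key as a parameter; it can only ever be a value."""
    return conn.execute(
        "SELECT source FROM diagrams WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    print("unsafe render :", render_unsafe(MALICIOUS_DIAGRAM))   # label becomes INJECTED
    print("safe render   :", render_safe(MALICIOUS_DIAGRAM))     # $(...) stays literal
    db = make_db()
    print("unsafe lookup :", lookup_unsafe(db, INJECTED_NAME))   # every row leaks
    print("safe lookup   :", lookup_safe(db, INJECTED_NAME))     # no match
```

The same separation of data from instructions addresses the PROMPT_INJECTION finding one layer up: rows fetched from the database should be passed to the model inside explicit boundary markers and described as untrusted content to render, never concatenated into the instruction text.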
Recommendations
- AI detected serious security threats
Audit Metadata