contextweave-diagrams-architecture

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local Node.js scripts (e.g., generate_contextweave.cjs, edit_contextweave.cjs) to handle diagram generation and editing logic. These executions are constrained to the skill's own script directory and operate on localized data.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the ContextWeave API (api.contextweave.site) to render diagrams and export assets. This network activity is restricted to an allowlisted domain belonging to the vendor.
  • [DATA_EXFILTRATION]: The skill reads structural data and user requests from local markdown files and transmits them to the remote API. This is the primary intended function of the skill for generating visual output.
  • [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection since it processes user-provided text that is later sent to an external API.
      • Ingestion points: Input files located in the .cw_skill/requests/ directory.
      • Boundary markers: The skill instructions specify using # Request and # CW delimiters within the input files to separate user intent from code.
      • Capability inventory: The skill can read and write files within the current working directory and perform network requests to a specific allowlisted domain.
      • Sanitization: The CWClient class implements a validateSafePath method that ensures all file operations are restricted to absolute paths within the current working directory, preventing path traversal attacks.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 20, 2026, 02:26 AM