c4-container
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure] (SAFE): No hardcoded credentials, API keys, or access to sensitive system paths were identified.
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection as it is designed to analyze external data such as Kubernetes manifests and component documentation.
- Ingestion points: Kubernetes manifests, component documentation (
c4-component-name.md), and implementation playbooks. - Boundary markers: None present in the prompt instructions to delimit untrusted input.
- Capability inventory: The skill is limited to documentation and diagram generation; it lacks file-writing, network-sending, or command-execution capabilities.
- Sanitization: No sanitization logic or instructions provided.
- [Command Execution] (SAFE): The skill does not contain any instructions to spawn subprocesses or execute shell commands.
- [Remote Code Execution] (SAFE): No external scripts or packages are downloaded or executed at runtime.
Audit Metadata