c4-code
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or obfuscated content were detected. The skill's primary function is to guide the agent in creating structural documentation and Mermaid diagrams.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from source code directories.
- Ingestion points: External code directories and files analyzed by the agent.
- Boundary markers: Absent; there are no instructions to use delimiters or safety wrappers when processing file contents.
- Capability inventory: The skill facilitates reading and analyzing code but does not define or use tools for network access, file system writes, or command execution.
- Sanitization: The skill does not implement sanitization or filtering for instructions potentially embedded in the source code being analyzed.
Audit Metadata