ascii-diagram-boxflow
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Category 2: Data Exposure & Exfiltration] (SAFE): The script only reads from standard input and writes to standard output. No file system access or network activity was detected.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): No external dependencies are required; the script uses only Python standard libraries. No remote code execution patterns or dangerous subprocess calls were found.
- [Category 8: Indirect Prompt Injection] (LOW): The skill processes user-supplied node labels and edges. While it lacks explicit sanitization beyond length truncation, the script possesses no side-effect capabilities (e.g., execution, writing, networking), limiting the risk of indirect injection to the visual output of the diagram.
- [Category 10: Dynamic Execution] (SAFE): No dynamic execution, unsafe deserialization, or runtime compilation techniques were identified.
Audit Metadata