Skills
skills/timseriakov/likec4-architecture-skill/likec4-architecture/Gen Agent Trust Hub

likec4-architecture

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx likec4 commands (validate, start, build, export) to process architecture models. This is the core intended functionality and uses standard CLI tools.
  • [EXTERNAL_DOWNLOADS]: Dependencies are resolved via npx, which downloads the likec4 package from the npm registry. The skill points to official documentation at likec4.dev, which is a well-known service for this DSL.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it translates user requests into .c4 architecture files without explicit sanitization.
  • Ingestion points: User architecture queries and descriptions defined in the SKILL.md workflow.
  • Boundary markers: None; the skill does not use delimiters to isolate user input in the generated DSL files.
  • Capability inventory: The skill writes .c4 files to the filesystem and executes the likec4 CLI on those files.
  • Sanitization: User-provided labels and descriptions are interpolated into model files without escaping or validation logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 08:41 PM