c4-interactive-html
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions specify that the agent should read the `.env` file during the architecture analysis process. Accessing these files poses a risk of exposing sensitive information such as API keys, database credentials, or secret tokens if they are inadvertently included in the generated HTML report.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the repository's source code and configuration files to build the diagram, which creates an indirect prompt injection vulnerability.
  - Ingestion points: Various project files including `package.json`, `pom.xml`, `docker-compose.yml`, and source code files.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious embedded instructions in the analyzed files.
  - Capability inventory: The agent has the capability to write files to the local system (e.g., `~/Downloads/c4-architecture.html`).
  - Sanitization: The instructions do not mention any sanitization, validation, or escaping of the content extracted from the workspace before it is used.
- [EXTERNAL_DOWNLOADS]: The skill uses the Google Fonts CDN to provide typography for the generated HTML diagram. This is a well-known and trusted external service and is used here for legitimate styling purposes.
Audit Metadata