skills/xenodium/emacs-skills/d2/Gen Agent Trust Hub

d2

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute emacsclient and the d2 diagram compiler. It queries Emacs for the default face foreground color and background mode to ensure generated diagrams match the user's UI theme. It then executes the d2 command-line utility to convert generated .d2 files into PNG images in the /tmp/ directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data derived from the interaction context to generate diagrams. This creates a surface where malicious content in the conversation could attempt to influence the agent's behavior or the structure of the generated diagram.
      ◦ Ingestion points: Recent interaction context (SKILL.md)
      ◦ Boundary markers: Absent; no delimiters are used when extracting diagram data from the context.
      ◦ Capability inventory: Bash tool execution of emacsclient and d2 (SKILL.md)
      ◦ Sanitization: Absent; the skill does not specify validation or sanitization steps for the data extracted from the context before it is passed to the diagram generation process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:51 PM