ac-diagram
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted local source code and business documentation, which creates a surface for indirect prompt injection.
  - Ingestion points: Reads files and modules specified by the user during the research phase in both SKILL.md and analyzer.md.
  - Boundary markers: The skill does not define specific delimiters to wrap or isolate ingested code content from agent instructions.
  - Capability inventory: Can export files and generate external URLs using the mermaid-live MCP and retrieve data via ace-tool.
  - Sanitization: No sanitization is performed on the code content before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill can generate external Mermaid Live URLs, which involves sending diagram data to a remote service.
  - Evidence: This is a documented feature (--format url) in SKILL.md. Usage is gated by instructions requiring user confirmation and sensitivity assessments, and it targets a well-known service.