gm-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a helper script scripts/export.sh that utilizes shell commands and local Node.js/Python execution to convert HTML and SVG diagrams into PNG or PDF files. The script implements path validation to ensure output files are written within the current working directory.
  • [EXTERNAL_DOWNLOADS]: The scripts/export.sh utility dynamically installs the @resvg/resvg-js package from the NPM registry mirror if the library is not detected in the local environment.
  • [PROMPT_INJECTION]: Instructions in SKILL.md include proactive security measures, specifically directing the agent to escape HTML special characters in all user-provided text fields to prevent cross-site scripting (XSS) in generated diagram files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 05:20 AM