diagram-design
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [PROMPT_INJECTION]: The onboarding flow described in
references/onboarding.mdcreates an attack surface for indirect prompt injection by processing external website content. - Ingestion points:
references/onboarding.mdinstructs the agent to fetch HTML and CSS from a user-provided URL usingagent-browser. - Boundary markers: Absent; there are no explicit delimiters or instructions to ignore potential commands embedded in the fetched content.
- Capability inventory: The agent uses the fetched content to write design tokens into
references/style-guide.md. It does not have access to higher-risk capabilities like arbitrary shell execution or sensitive file reads in this context. - Sanitization: No explicit sanitization or filtering is prescribed for the external content.
- [EXTERNAL_DOWNLOADS]: The skill initiates network requests as part of its primary customization feature.
- Evidence:
references/onboarding.mddirects the agent to fetch website data to extract branding information, which is a core functional requirement of the skill's onboarding process.
Audit Metadata