blueprint-mcp-diagram-generation

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
[PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by ingesting untrusted data and interpolating it into prompts used for diagram generation.
  • Ingestion points: Data is pulled from various external sources including local files (read_file), GitHub repositories (github_list_files), HubSpot deals (hubspot_get_deal), and Google Drive documents (gdrive_read_file).
  • Capability inventory: The skill possesses network capabilities to send these prompts to the Arcade API via the start_diagram_job tool.
  • Boundary markers: The instructions do not define clear delimiters or "ignore instructions" markers when embedding external content into the diagram prompt templates.
  • Sanitization: No sanitization, escaping, or validation of the ingested content is described before it is processed by the LLM.
  • [SAFE]: The skill interacts with well-known services (Arcade AI, Google AI Studio) and provides standard security guidance, such as using a CLI tool to store secrets rather than hardcoding them in files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 17, 2026, 07:30 PM
Security Audit — agent-trust-hub — blueprint-mcp-diagram-generation