architecture-diagram
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's template loads
html2canvasandjsPDFfrom a well-known content delivery network (jsDelivr). These are legitimate, widely-used libraries for browser-based rendering and PDF generation. The implementation correctly includes Subresource Integrity (SRI) hashes to ensure that only the verified, untampered versions of these scripts are executed in the browser. - [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by interpolating user-provided architectural requirements into an HTML template. 1. Ingestion points: User architectural descriptions provided during interaction. 2. Boundary markers: No explicit instructions or delimiters are used to wrap the interpolated user data. 3. Capability inventory: The skill generates HTML files that include SVG and JavaScript for user-initiated export features. 4. Sanitization: No explicit sanitization or escaping of user input is specified for the text labels rendered within the diagram. This represents a standard surface for static report generation tools.
- [DATA_EXFILTRATION]: No unauthorized exfiltration or exposure of sensitive data was identified. Browser APIs such as
navigator.clipboardandURL.createObjectURLare used appropriately for the 'Copy' and 'Download' features triggered by user interaction.
Audit Metadata