agent-wiki-erd
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate technical tasks related to data modeling. It generates text-based Mermaid files and stores them in a local design directory without performing network calls or accessing sensitive credentials.\n- [PROMPT_INJECTION]: The skill includes functionality to process external project documentation (PRDs, requirement definitions) which constitutes an indirect prompt injection surface. This is a core part of the skill's functionality and poses no risk given the limited capabilities of the skill.\n
- Ingestion points: Reads .md, .pdf, and .txt files containing project requirements as specified in SKILL.md (Section 2-1).\n
- Boundary markers: The skill does not use specific delimiters to isolate external input from instructions.\n
- Capability inventory: The skill is limited to writing text-based diagram files (.mmd) to the .wiki/design/ directory.\n
- Sanitization: No explicit content sanitization or validation of input files is performed prior to processing for modeling.
Audit Metadata