erd-design
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill functions solely as a documentation and diagramming utility.
- [NO_CODE]: The skill consists entirely of markdown instructions and Mermaid (.mmd) templates. There are no executable scripts (e.g., Python, Bash, JavaScript) or binary files included.
- [PROMPT_INJECTION]: The skill includes instructions to process external user-provided data such as PRDs, requirement definitions, and existing diagram files (Section 2-1). This constitutes a surface for indirect prompt injection where instructions could be hidden in the processed data. However, given that the skill's capabilities are limited to generating text-based Mermaid files and it lacks dangerous tools or network access, the risk is negligible.
  - Ingestion points: Document files (.md, .pdf, .txt) and existing Mermaid files (.mmd) as defined in SKILL.md.
  - Boundary markers: None explicitly defined to isolate embedded instructions.
  - Capability inventory: Limited to text-based file creation (.mmd).
  - Sanitization: None specified for input content.