causal-loop-diagram-generator
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the
vis-networklibrary fromunpkg.com, which is a well-known CDN service for distributing NPM packages. - Evidence:
assets/cld-inline.jsandassets/cld-viewer/main.htmlreference thevis-networklibrary viaunpkg.comfor loading diagram rendering functionality. - [COMMAND_EXECUTION]: The skill performs file system operations to set up the diagram infrastructure within the user's project.
- Evidence:
SKILL.mdinstructions guide the agent to create multiple JSON files indocs/sims/cld-viewer/examples/, write Markdown articles indocs/articles/, and update the project'smkdocs.ymlnavigation structure. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) related to its handling of user-influenced system descriptions.
- Ingestion points: User-supplied topics are used by the agent to generate content (labels, descriptions, and loop names) for JSON data files stored in
docs/sims/cld-viewer/examples/. - Boundary markers: No specific delimiters or instructions are used to separate untrusted content from the rendering logic within the generated files or the processing scripts.
- Capability inventory: The skill is capable of writing files to the local project directory and executing JavaScript that manipulates the browser DOM when the resulting site is viewed.
- Sanitization: The
cld-viewer.jsscript uses.innerHTMLto render metadata and descriptions directly from the JSON files. This creates a potential XSS surface if an adversary provides a topic that causes the agent to generate malicious script content within those fields.
Audit Metadata