causal-loop-diagram-generator

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the vis-network library from unpkg.com, which is a well-known CDN service for distributing NPM packages.
  • Evidence: assets/cld-inline.js and assets/cld-viewer/main.html reference the vis-network library via unpkg.com for loading diagram rendering functionality.
  • [COMMAND_EXECUTION]: The skill performs file system operations to set up the diagram infrastructure within the user's project.
  • Evidence: SKILL.md instructions guide the agent to create multiple JSON files in docs/sims/cld-viewer/examples/, write Markdown articles in docs/articles/, and update the project's mkdocs.yml navigation structure.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) related to its handling of user-influenced system descriptions.
  • Ingestion points: User-supplied topics are used by the agent to generate content (labels, descriptions, and loop names) for JSON data files stored in docs/sims/cld-viewer/examples/.
  • Boundary markers: No specific delimiters or instructions are used to separate untrusted content from the rendering logic within the generated files or the processing scripts.
  • Capability inventory: The skill is capable of writing files to the local project directory and executing JavaScript that manipulates the browser DOM when the resulting site is viewed.
  • Sanitization: The cld-viewer.js script uses .innerHTML to render metadata and descriptions directly from the JSON files. This creates a potential XSS surface if an adversary provides a topic that causes the agent to generate malicious script content within those fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:36 PM
Security Audit — agent-trust-hub — causal-loop-diagram-generator