entity-er-diagram
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the user's codebase.
- Ingestion points: The skill reads files from a user-specified 'Entity source directory' (e.g., *.entity.ts, *Model.ts) and an 'Output file path' to merge changes.
- Boundary markers: No specific boundary markers or instructions are provided to the agent to distinguish between code metadata and potentially malicious natural language instructions embedded in comments or strings within the scanned files.
- Capability inventory: The skill has the capability to read files from the workspace and write files to any user-provided path.
- Sanitization: There is no evidence of sanitization or filtering of the extracted content (field names, entity names, types) before it is interpolated into the Mermaid diagram or the final documentation file.
Audit Metadata