generating-visual-diagrams

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/check-prerequisites.sh script suggests installing the uv package manager using a remote script from astral.sh (the official domain for the well-known Astral toolchain).
  • [COMMAND_EXECUTION]: The scripts/generate_image.py script uses subprocess.run to execute the macOS open command, which displays the generated image files to the user in the Preview application.
  • [PROMPT_INJECTION]: The Apex and LWC code review features present an indirect prompt injection surface because they ingest raw code into LLM prompts without sanitization or boundary markers.
      • Ingestion points: assets/review/apex-review.md and assets/review/lwc-review.md (via the [paste code here] placeholder).
      • Boundary markers: Absent. The templates do not use specific delimiters or instructions to ignore embedded commands within the code provided by the user.
      • Capability inventory: The skill can execute local shell commands via the scripts/generate_image.py script and the gemini CLI tool.
      • Sanitization: Absent. The skill does not perform validation or escaping of the user-provided code before inclusion in the review prompt.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 14, 2026, 02:37 PM