Architecture Diagramming Expert
Fail
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the D2 diagramming tool by piping a script from a remote URL directly to the shell:
curl -fsSL https://d2lang.com/install.sh | sh -s --. This pattern is risky as it executes unverified code from an external domain. - [COMMAND_EXECUTION]: The skill includes several shell commands and a script for local execution:
- Installation commands for various package managers (
brew install d2,choco install d2,npx @mermaid-js/mermaid-cli). - A bash script (
export_diagrams.sh) that iterates through local files and executes thedraw.ioCLI to perform image exports. - Various CLI commands for D2 and Draw.io for rendering and exporting diagrams.
Recommendations
- HIGH: Downloads and executes remote code from: https://d2lang.com/install.sh - DO NOT USE without thorough review
Audit Metadata