Architecture Diagramming Expert

Fail

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the D2 diagramming tool by piping a script from a remote URL directly to the shell: curl -fsSL https://d2lang.com/install.sh | sh -s --. This pattern is risky as it executes unverified code from an external domain.
  • [COMMAND_EXECUTION]: The skill includes several shell commands and a script for local execution:
  • Installation commands for various package managers (brew install d2, choco install d2, npx @mermaid-js/mermaid-cli).
  • A bash script (export_diagrams.sh) that iterates through local files and executes the draw.io CLI to perform image exports.
  • Various CLI commands for D2 and Draw.io for rendering and exporting diagrams.
Recommendations
  • HIGH: Downloads and executes remote code from: https://d2lang.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 6, 2026, 04:01 AM
Security Audit — agent-trust-hub — Architecture Diagramming Expert