033-architecture-diagrams

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes ./mvnw validate or mvn validate to ensure the Java project is in a valid state before diagram generation. This is a standard project management operation.
  • [COMMAND_EXECUTION]: The skill uses docker run to execute the PlantUML CLI via the official plantuml/plantuml container for syntax validation and image rendering. The command is restricted to the current working directory.
  • [EXTERNAL_DOWNLOADS]: The skill references the official plantuml/plantuml Docker image from a well-known container registry, which is an expected behavior for a tool that automates diagram rendering without local dependencies.
  • [PROMPT_INJECTION]: The skill processes external data including user-provided repository URLs, local repository paths, and system description files. This ingestion of untrusted source material constitutes an indirect prompt injection surface.
  • Ingestion points: User-provided repository URLs and local file paths for code analysis.
  • Boundary markers: None explicitly identified in the instructions for separating untrusted data from the system context.
  • Capability inventory: The skill has command execution capabilities via Maven and Docker.
  • Sanitization: None identified; the skill instructions direct the agent to inspect files and repositories directly.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 05:56 PM