033-architecture-diagrams
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
./mvnw validateormvn validateto ensure the Java project is in a valid state before diagram generation. This is a standard project management operation. - [COMMAND_EXECUTION]: The skill uses
docker runto execute the PlantUML CLI via the officialplantuml/plantumlcontainer for syntax validation and image rendering. The command is restricted to the current working directory. - [EXTERNAL_DOWNLOADS]: The skill references the official
plantuml/plantumlDocker image from a well-known container registry, which is an expected behavior for a tool that automates diagram rendering without local dependencies. - [PROMPT_INJECTION]: The skill processes external data including user-provided repository URLs, local repository paths, and system description files. This ingestion of untrusted source material constitutes an indirect prompt injection surface.
- Ingestion points: User-provided repository URLs and local file paths for code analysis.
- Boundary markers: None explicitly identified in the instructions for separating untrusted data from the system context.
- Capability inventory: The skill has command execution capabilities via Maven and Docker.
- Sanitization: None identified; the skill instructions direct the agent to inspect files and repositories directly.
Audit Metadata