c4-model
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
npx likec4 validatein Phase 6 to verify the syntax of produced C4 models. This is a legitimate use of development tooling for linting and validation purposes. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto execute commands, which may download thelikec4package from the public npm registry if not locally available. LikeC4 is a well-known architecture-as-code tool. - [PROMPT_INJECTION]: The skill reads external files such as Architecture Decision Records (ADRs) and existing models to identify architectural drift. This creates a surface for indirect prompt injection, though the logic is focused on specific name extraction.
- Ingestion points: Reads files matching
**/*.c4,**/likec4.config.*, and documents within ADR-related directories (e.g.,docs/adr/,docs/decisions/). - Boundary markers: No specific delimiters or safety instructions are applied to the ingested content.
- Capability inventory: Subprocess execution of
npx likec4 validateand local file writes for model and configuration files. - Sanitization: The skill identifies and extracts component names for comparison; it does not explicitly perform sanitization of the text contained within the ADRs.
Audit Metadata