processon-diagram-generator

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a version check by fetching a JSON file from the official ProcessOn GitHub repository (github.com/processonai/processon-skills). This is a standard practice for maintaining skill updates.- [COMMAND_EXECUTION]: The skill uses run_shell_command to execute curl for the version check and provides npx commands for installation and updates. These are routine operations within the intended environment.- [DATA_EXFILTRATION]: User-provided diagram descriptions and the PROCESSON_API_KEY (set by the user) are sent to the official ProcessOn API (smart.processon.com). This communication is necessary for the skill's primary function and targets the vendor's own infrastructure.- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted user input to generate diagrams.
  • Ingestion points: User input provided to the agent as diagram descriptions (processed in SKILL.md).
  • Boundary markers: Absent; the user input is interpolated into the API request without explicit delimiters.
  • Capability inventory: Subprocess execution via run_shell_command in SKILL.md, file system writes for saving images in scripts/processon_api_client.py, and network operations for API interaction.
  • Sanitization: Absent; the raw user input is optimized and sent to the remote API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 03:07 PM
Security Audit — agent-trust-hub — processon-diagram-generator