insight-diagram
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and provided reference files do not contain any malicious patterns such as prompt injection, unauthorized data exfiltration, or obfuscated code execution. The skill's behavior is consistent with its stated purpose of project documentation and visualization.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it reads and processes untrusted source code from the project directory.
- Ingestion points: The skill reads project metadata (CLAUDE.md) and various source files (**/.go, **/.py, **/*.ts) as described in Step 1 of SKILL.md.
- Boundary markers: The instructions do not provide specific boundary markers or 'ignore' instructions for the extracted code content.
- Capability inventory: The skill uses Glob, Read, and Grep tools, invokes the external /architecture-diagram skill, and writes generated HTML/SVG files to the docs/ directory.
- Sanitization: No sanitization or filtering of the extracted codebase content is mentioned in the instructions.
Audit Metadata