mimar
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Node.js script (scripts/generate-architecture.mjs) intended to be executed locally. This script performs file system operations (reading directory structures and writing an ARCHITECTURE.md file). These operations are restricted to the local workspace and align with the skill's stated purpose.
- [DATA_EXFILTRATION]: The skill's inspection logic includes a robust set of ignored directories (e.g., .git, .venv, node_modules) and file names (e.g., lock files) to prevent the accidental processing of sensitive configuration or history data.
- [INDIRECT_PROMPT_INJECTION]: The generator script implements several sanitization functions, such as sanitizeMermaidLabel, escapeMarkdownTableCell, and escapeBackticks. These functions ensure that data extracted from the codebase (such as file names or package names) is safely escaped before being interpolated into the generated Markdown documentation, preventing schema confusion or layout breaking in the output file.
Audit Metadata