pma-draw
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for static JSON generation according to a predefined schema. It does not contain executable code or request sensitive permissions within the agent environment.- [SAFE]: No prompt injection or bypass attempts were detected. The instructions prioritize adherence to visual design rules and JSON validation, focusing on structural integrity.- [SAFE]: External URLs and package references (e.g., @pma/viewer, JSDelivr) are part of the intended documentation for integrating the diagrams into external websites and are not used for malicious exfiltration or remote code execution by the agent.- [SAFE]: The skill uses placeholders (e.g., example.com) for integration examples, ensuring no specific third-party infrastructure is targeted unless configured by the user.
Audit Metadata