Trust Assessment
diagrams-generator received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "User input embedded directly into downstream agent prompt", and "User-controlled variables used in file paths without sanitization".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 15, 2026 (commit 1823c3f6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **User input embedded directly into downstream agent prompt.** The skill instructs the agent to construct a prompt for the `diagrams-architect` agent by directly embedding user-derived variables (`${diagramType}`, `${scope}`) into the `args` field of the `Skill` invocation. A malicious user could inject prompt instructions into their request (e.g., via `diagramType` or `scope`), which would then be passed to the `diagrams-architect` agent. This could manipulate the downstream agent's behavior, cause it to generate unintended content, or potentially extract sensitive information from its context. Implement robust sanitization or escaping of user-derived variables (`diagramType`, `scope`) before embedding them into the `args` for the `diagrams-architect` skill. Consider using a structured data format for inter-agent communication instead of raw string prompts if the downstream agent supports it, to clearly separate instructions from user-provided data. | LLM | SKILL.md:80 |
| HIGH | **User-controlled variables used in file paths without sanitization.** The skill instructs the agent to save generated diagrams to specific file paths that incorporate user-derived variables such as `{module}` and `{env}` (e.g., `.specweave/docs/internal/architecture/diagrams/{module}/`). If these variables are not properly sanitized to remove path traversal sequences (e.g., `../`, `/`), a malicious user could craft input that causes the agent to write files to arbitrary locations on the filesystem. This could lead to overwriting critical system files, exfiltrating data by writing to publicly accessible directories, or causing denial of service. Implement strict validation and sanitization for all user-derived variables (e.g., `{module}`, `{env}`) used in file paths. Ensure these variables only contain allowed characters (e.g., alphanumeric, hyphens, underscores) and explicitly disallow path separators (`/`, `\`) or traversal sequences (`..`). A dedicated file naming function that enforces a safe subset of characters should be used. | LLM | SKILL.md:95 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | plugins/specweave-diagrams/skills/diagrams-generator/SKILL.md:1 |