033-architecture-diagrams
Use when you need to generate Java project diagrams — including UML sequence diagrams, UML class diagrams, C4 model diagrams, UML state machine diagrams, and ER (Entity Relationship) diagrams — through a modular, step-based interactive process that adapts to your specific visualization needs. Part of the skills-for-java project
69
61%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/033-architecture-diagrams/SKILL.mdSecurity
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.70). The skill's required templates and rendering steps explicitly fetch and include public third-party resources (e.g., !include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/... in the C4 templates and curl/download of plantuml.jar from GitHub), so the agent will retrieve and process untrusted external content that can influence diagram generation and tool behavior.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill instructs operators to fetch and execute a remote PlantUML JAR at runtime (curl -L -o plantuml.jar https://github.com/plantuml/plantuml/releases/latest/download/plantuml.jar then java -jar plantuml.jar), which downloads and executes external code that the skill relies on for validation/rendering.
- Repository
- jabrena/cursor-rules-java
- Commit
1847adc
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.