drawio
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the core logic and diagram presets from the upstream repository
Agents365-ai/drawio-skillviagit cloneor thenpx skillsinstallation utility. - [COMMAND_EXECUTION]: Orchestrates the installation of the
draw.iodesktop CLI andGraphvizusing system package managers likebrew(macOS) andapt-get(Linux), including the use ofsudofor system-level installation. - [COMMAND_EXECUTION]: Executes a suite of local Python scripts (
pyimports.py,autolayout.py,shapesearch.py, etc.) to extract codebase metadata and generate diagram XML files. - [PROMPT_INJECTION]: The skill processes external codebase files to generate diagrams, creating a surface for indirect prompt injection where malicious instructions embedded in the analyzed source code could attempt to influence the agent.
- Ingestion points: Source code ingestion via
pyimports.py,jsimports.py,goimports.py, andrustimports.py(SKILL.md, Step 4). - Boundary markers: Absent; the skill does not explicitly define delimiters to separate codebase content from instructions.
- Capability inventory: The skill utilizes
Bash,Read,Write, andWebFetchtools (SKILL.md, allowed-tools). - Sanitization: Not identified; codebase contents are processed for structural metadata without explicit filtering of natural language instructions.
Audit Metadata