excalidraw
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input to generate diagram content via a subagent, creating a surface for indirect prompt injection.\n
- Ingestion points: Diagram descriptions provided by the user as part of the diagram generation request (SKILL.md workflow).\n
- Boundary markers: The subagent prompt template does not utilize explicit boundary markers or instructions to isolate the user-provided diagram description.\n
- Capability inventory: The subagent is a general-purpose agent granted access to the Write tool to output .excalidraw files to the local file system (SKILL.md).\n
- Sanitization: No sanitization or verification of the user-provided text is performed before passing it to the subagent.
Audit Metadata