excalidraw-mcp-server
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the client to use a hosted MCP endpoint (https://mcp.excalidraw.com, in the "Remote Server (Recommended)" section), and the HTML it generates loads third-party JavaScript from a CDN (see "Generating the HTML Response"). The agent or client will therefore fetch and render external content that the skill author does not control and the client cannot verify, and that content could influence runtime behavior. Anything returned by the remote endpoint should be treated as untrusted input to the agent, not as instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The HTML the skill returns loads and executes remote JavaScript at render time from unpkg (e.g. https://unpkg.com/@excalidraw/excalidraw/dist/excalidraw.production.min.js, https://unpkg.com/react@18/umd/react.production.min.js, https://unpkg.com/react-dom@18/umd/react-dom.production.min.js). These scripts are fetched when the page is rendered and are required dependencies for drawing and driving the interactive Excalidraw UI, so whatever unpkg serves at those paths runs in the client. As quoted, the paths pin at most a major version (react@18, react-dom@18) and no version at all for @excalidraw/excalidraw, so the code that executes can change between renders without any change to the skill. A reviewer should check whether the generated tags pin exact versions and carry Subresource Integrity hashes, or whether the scripts can be vendored and served from the client's own origin.
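As an added example (not code from the Snyk report or from the excalidraw-mcp-server project), the following Node.js check scans generated HTML for the pattern both findings describe: script tags that pull executable code from a third-party host at render time, without an exact version pin or an SRI hash. The sample HTML is constructed here from the unpkg paths the report quotes; the "hardened" variant, its version numbers and its integrity values are placeholders chosen for illustration, not the real package versions or hashes. The `"self"` sentinel and the `trustedHosts` allowlist are conventions of this example.

```javascript
// Added example, not code from the Snyk report or from excalidraw-mcp-server.
// SAMPLE_HTML is constructed; the unpkg paths are the ones the report quotes.
// HARDENED_HTML versions and integrity values are placeholders, not real hashes.

const SAMPLE_HTML = `
<!doctype html><html><head>
<script src="https://unpkg.com/react@18/umd/react.production.min.js"></script>
<script src="https://unpkg.com/react-dom@18/umd/react-dom.production.min.js"></script>
<script src="https://unpkg.com/@excalidraw/excalidraw/dist/excalidraw.production.min.js"></script>
<script src="/static/app.js"></script>
</head><body><div id="app"></div></body></html>`;

const HARDENED_HTML = `
<!doctype html><html><head>
<script src="https://unpkg.com/react@18.2.0/umd/react.production.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://unpkg.com/@excalidraw/excalidraw@0.17.0/dist/excalidraw.production.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body><div id="app"></div></body></html>`;

// Match every <script ...> tag and capture its attribute string.
const SCRIPT_TAG = /<script\b([^>]*)>/gi;
const attr = (name) => new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, "i");

// unpkg paths look like /<pkg>[@<range>]/<file>; scoped packages start with "@scope/".
function unpkgVersion(url) {
  const m = url.pathname.match(/^\/((?:@[^/]+\/)?[^/@]+)(?:@([^/]+))?/);
  return m ? { pkg: m[1], version: m[2] || null } : { pkg: null, version: null };
}

// Only an exact x.y.z counts as pinned; "18" or "^18" floats with the registry.
const isExactSemver = (v) => /^\d+\.\d+\.\d+$/.test(v || "");

// Returns one finding per <script src> the client should not run blindly.
// trustedHosts lists hosts the agent/client accepts code from; "self" stands
// for a relative (same-origin) src.
function auditScripts(html, trustedHosts = new Set(["self"])) {
  const findings = [];
  for (const [, attrs] of html.matchAll(SCRIPT_TAG)) {
    const src = (attrs.match(attr("src")) || [])[1];
    if (!src) continue; // inline script: out of scope for this check
    let url;
    try { url = new URL(src, "https://self.invalid/"); } catch { continue; }
    const host = url.host === "self.invalid" ? "self" : url.host;

    const problems = [];
    if (!trustedHosts.has(host)) problems.push(`untrusted host ${host}`);
    if (host !== "self" && !attr("integrity").test(attrs)) {
      problems.push("no SRI integrity hash");
    }
    if (host === "unpkg.com") {
      const { version } = unpkgVersion(url);
      if (!isExactSemver(version)) {
        problems.push(version ? `floating version ${version}` : "no version pinned");
      }
    }
    if (problems.length) findings.push({ src, problems });
  }
  return findings;
}
```

Running `auditScripts(SAMPLE_HTML)` flags all three unpkg scripts (untrusted host, no SRI hash, and either a floating major version or no version at all) and ignores the same-origin `/static/app.js`. `auditScripts(HARDENED_HTML, new Set(["self", "unpkg.com"]))` returns nothing, because every remote script there carries an exact version and an integrity attribute and the host is explicitly allowlisted; with the default allowlist the same HTML is still reported, but only for the host. SRI and version pinning fix the "unverifiable" part of W012; they do not by themselves address W011, since the hosted MCP endpoint's responses still reach the agent as untrusted content.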
Issues (2)
W011
MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM  Unverifiable external dependency detected (runtime URL that controls agent).