bmad-excalidraw

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in diagram-generation.md direct the agent to execute shell commands (e.g., python3 scripts/generate_excalidraw.py --spec '<json-spec>' --output '.../{filename}.excalidraw') where the arguments are derived directly from user input. If a user provides a diagram title or content containing shell metacharacters like single quotes, they could potentially break out of the command string and execute arbitrary shell commands on the system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user descriptions to generate diagram specifications without sufficient safeguards.
    • Ingestion points: User descriptions and intent detection in SKILL.md and guided-design.md.
    • Boundary markers: None. The agent is not instructed to use delimiters or ignore instructions embedded within the user's diagram description.
    • Capability inventory: The skill has the capability to write files to the local filesystem and execute shell commands using the scripts/generate_excalidraw.py and scripts/validate_excalidraw.py scripts (referenced in diagram-generation.md).
    • Sanitization: There is no mention of sanitizing or escaping the <json-spec> or the {filename} before they are interpolated into the shell commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 11:24 AM