legal-visualization

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/export_drawio.py invokes the local drawio or diagrams.net command-line utility using subprocess.run(). This is done to automate the export of diagrams into image formats like PNG and SVG. The implementation is secure as it uses a list-based command construction that avoids shell injection risks and only targets verified local binaries.
  • [EXTERNAL_DOWNLOADS]: The documentation references well-known and trusted external resources, including the PyYAML Python library and the draw.io desktop application. These references are standard for the skill's functionality and do not involve untrusted or dangerous sources.
  • [SAFE]: Extensive analysis across all threat categories confirms that the skill is benign. There is no evidence of prompt injection, credential theft, obfuscation, or persistence mechanisms. The skill's business logic emphasizes data integrity, such as requiring explicit labeling for any unverified legal facts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 04:03 PM
Security Audit — agent-trust-hub — legal-visualization