obsidian-plugin-excalidraw
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, serving as a schema definition and best-practice guide for creating Excalidraw diagram files in JSON format. It does not contain any scripts, binary files, or network-active components.
- [SAFE]: No patterns of prompt injection or malicious overrides were found. The 'AI Generation Mandatory Constraints' section actually provides safety and formatting guardrails to ensure valid output.
- [SAFE]: The skill demonstrates security awareness by explicitly warning against the use of
javascript:protocols in link fields to prevent XSS (Cross-Site Scripting) vulnerabilities within the Obsidian environment. - [SAFE]: All mentioned functionalities, such as internal Obsidian links and the
exec:script execution prefix, are documented as standard features of the target Obsidian plugin and are used here for legitimate diagramming purposes.
Audit Metadata