drawio-designer

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script scripts/drawio-to-png.sh that executes shell commands to call external diagram conversion tools like drawio or drawio-batch. While the script uses quoting for variables, it is a mechanism for executing shell commands based on provided file paths.
  • [PROMPT_INJECTION]: The skill is designed to ingest and manipulate external .drawio XML files, which constitutes a surface for indirect prompt injection.
      • Ingestion points: Reads and edits .drawio XML files (e.g., in SKILL.md examples).
      • Boundary markers: No explicit instructions are provided to the agent to treat XML content as untrusted data or to use delimiters to prevent instruction leakage.
      • Capability inventory: The skill can execute shell scripts (drawio-to-png.sh), Python scripts (find-arch-icon.py), and perform XML modifications.
      • Sanitization: There is no evidence of sanitization or structural validation performed on the XML content before the agent processes it.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 29, 2026, 02:30 AM