drawio-skill

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to utilize the drawio (or draw.io) desktop application CLI to export XML diagrams to various formats (PNG, SVG, PDF, JPG). These commands are standard for the skill's functionality.
  • [COMMAND_EXECUTION]: Multiple bundled scripts, such as autolayout.py and pyimports.py, execute the Graphviz dot and tred utilities via subprocess.run to compute node positions and simplify dependency graphs. The scripts use list-based arguments to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The aiicons.py script programmatically retrieves brand logos from trusted and well-known services, specifically unpkg.com (for @lobehub/icons-static-svg) and cdn.simpleicons.org. This is used to include high-quality icons in user-requested diagrams and follows safe practices for asset retrieval.
  • [PROMPT_INJECTION]: The skill processes untrusted local data, such as project directories and user-provided .drawio files, to generate visualizations. This constitutes an indirect prompt injection surface.
      ◦ Ingestion points: scripts/pyimports.py, scripts/jsimports.py, scripts/goimports.py, scripts/rustimports.py, scripts/pyclasses.py (project files); references/style-extraction.md (XML and Image presets).
      ◦ Boundary markers: Not explicitly defined in data processing scripts.
      ◦ Capability inventory: subprocess.run for local tool execution (drawio, dot, tred).
      ◦ Sanitization: Uses xml.sax.saxutils.escape in autolayout.py to prevent XML structural injection, though processed labels are presented to the LLM context during review loops.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 12:42 PM