drawio
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The export script downloads the official draw.io rendering library from "https://viewer.diagrams.net/js/viewer-static.min.js" when the local CLI tool is not available.
- [REMOTE_CODE_EXECUTION]: The skill executes the official draw.io rendering engine (JavaScript) within a headless browser environment to convert diagram XML into images.
- [COMMAND_EXECUTION]: The skill uses `spawnSync` to execute the local `drawio` command-line utility for diagram rendering. It identifies the executable using common system paths and environment variables, and passes arguments as an array to prevent command injection.
Audit Metadata