drawio
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Node.js scripts (open-drawio.js, search-shapes.js, validate-mxfile.js) and system-level utilities (open, xdg-open, start, or the drawio CLI) to manage diagrams and perform shape searches.\n- [DATA_EXPOSURE_EXFILTRATION]: Diagram content is compressed and transmitted to the official draw.io web editor (https://app.diagrams.net/) to enable interactive editing. This is the intended behavior for opening diagrams in the browser.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied diagram files (XML and Mermaid), which presents a potential surface for indirect prompt injection. The skill includes design-time instructions and structural validation to mitigate this risk.\n
- Ingestion points: Reads existing .drawio and Mermaid files as specified in SKILL.md.\n
- Boundary markers: Relies on reference documentation within the references/ directory to guide diagram generation.\n
- Capability inventory: Involves reading from and writing to the file system, opening URLs in a browser, and executing local shell commands.\n
- Sanitization: Employs a dedicated structural validator (validate-mxfile.js) to verify the well-formedness of diagram XML.\n- [UNVERIFIABLE_DEPENDENCIES_RCE]: The skill instructions suggest the optional use of the @drawio/postprocess utility via npx to refine diagram files. This utility is a standard component of the draw.io toolchain.
Audit Metadata