Skills
skills/ilteoood/harness/drawio/Gen Agent Trust Hub

drawio

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script drawio-to-png.mjs executes local system commands to locate and run rendering tools.
  • Locates executables using which (Linux/macOS) or where (Windows).
  • Executes the drawio CLI or browser binaries (Chrome, Edge, Chromium) to perform image conversion.
  • [EXTERNAL_DOWNLOADS]: When using the browser-based renderer, the script fetches the official draw.io library.
  • Downloads viewer-static.min.js from https://viewer.diagrams.net to provide the rendering engine.
  • [DYNAMIC_EXECUTION]: The skill dynamically generates execution context for the headless browser.
  • Constructs HTML and JavaScript strings at runtime to wrap and process the diagram XML.
  • Uses page.setContent and page.addScriptTag to assemble the rendering environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (XML files) which presents an injection surface.
  • Ingestion points: Reads .drawio files from the local file system in drawio-to-png.mjs.
  • Boundary markers: Missing explicit prompt delimiters, but the script implements string escaping (backticks, backslashes, dollar signs) before inserting XML into its internal JavaScript template.
  • Capability inventory: Subprocess execution (spawnSync), file system writes (writeFileSync), and network-enabled browser automation (puppeteer).
  • Sanitization: Implements basic character escaping to prevent JavaScript template literal breakout within the browser context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 02:45 PM
Security Audit — agent-trust-hub — drawio