excalidraw-learning-aids
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Detailed review of the skill's instructions and utility scripts confirms that they operate within expected parameters. No malicious patterns, such as prompt injection, persistence mechanisms, or credential theft, were identified.
- [PROMPT_INJECTION]: The skill processes untrusted input from local repositories, creating an inherent surface for indirect prompt injection, although no specific malicious instructions are present in the provided files.
- Ingestion points: Repository source code, manifests, and file structures are processed by
scripts/repo_snapshot.pyand direct agent inspection. - Boundary markers: The instructions do not specify delimiters or warnings to ignore instructions found within the analyzed source code.
- Capability inventory: The agent can execute the provided Python scripts (
repo_snapshot.py,create_excalidraw_scene.py) and interact with Excalidraw-related tools or APIs. - Sanitization: Content from the repository is read without sanitization or validation to filter out potential natural language instructions.
Audit Metadata