4drawio
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to search for a local
drawioordraw.iobinary and execute it to export diagrams to PDF. This is a standard functional requirement for its stated purpose. - [DYNAMIC_EXECUTION]: The skill dynamically constructs DrawIO XML content and writes it to the local
figures/directory using file redirection. No untrusted code execution was observed in this process. - [INDIRECT_PROMPT_INJECTION]: The skill reads external reports (
ANALYSIS_MODELING_REPORT.md,RESULTS_REPORT.md) to determine diagram requirements, creating a surface for indirect instructions to influence diagram planning. - Ingestion points: Local markdown report files (reports/ANALYSIS_MODELING_REPORT.md, reports/RESULTS_REPORT.md).
- Boundary markers: None.
- Capability inventory: Bash, Write, Edit, Read, Grep, Glob.
- Sanitization: No explicit sanitization or validation of the report content is mentioned.
Audit Metadata