skills/jihe520/mathmodelagent/4drawio/Gen Agent Trust Hub

4drawio

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to search for a local drawio or draw.io binary and execute it to export diagrams to PDF. This is a standard functional requirement for its stated purpose.
  • [DYNAMIC_EXECUTION]: The skill dynamically constructs DrawIO XML content and writes it to the local figures/ directory using file redirection. No untrusted code execution was observed in this process.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads external reports (ANALYSIS_MODELING_REPORT.md, RESULTS_REPORT.md) to determine diagram requirements, creating a surface for indirect instructions to influence diagram planning.
  • Ingestion points: Local markdown report files (reports/ANALYSIS_MODELING_REPORT.md, reports/RESULTS_REPORT.md).
  • Boundary markers: None.
  • Capability inventory: Bash, Write, Edit, Read, Grep, Glob.
  • Sanitization: No explicit sanitization or validation of the report content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 03:07 AM
Security Audit — agent-trust-hub — 4drawio