excalidraw-diagram

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands for environment setup, specifically using uv sync to manage Python dependencies and uv run playwright install chromium to install the necessary browser engine.
  • [EXTERNAL_DOWNLOADS]: The rendering pipeline performs network operations to download the Chromium browser via Playwright and dynamically fetches the Excalidraw library from https://esm.sh during the rendering process. These are well-known and standard developer services.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes a Python script (render_excalidraw.py) that launches a headless browser to execute JavaScript. This is used strictly for rendering diagram JSON into SVG/PNG format using the official Excalidraw export utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 05:06 AM
Security Audit — agent-trust-hub — excalidraw-diagram