drawio-diagrams

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE

Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It is designed to ingest and process external .drawio (XML) files which are then analyzed or rendered for visual quality assurance. Maliciously crafted diagrams containing text-based instructions could influence agent behavior during the evaluation of diagram content.
    - Ingestion points: External diagram files are read and parsed in scripts/check_drawio_layout.py and scripts/validate_drawio.py.
    - Boundary markers: The skill does not employ explicit delimiters or safety instructions when processing the content of these files.
    - Capability inventory: The skill has the ability to execute system commands via scripts/export_drawio.py and delete temporary files via scripts/cleanup_drawio_review_artifacts.py.
    - Sanitization: No sanitization or filtering of natural language content within the XML nodes is performed before the data is processed by the agent.
  • [REMOTE_CODE_EXECUTION]: The script scripts/export_drawio.py includes functionality to run npx @drawio/postprocess. This command fetches and executes a package from the official npm registry at runtime for diagram optimization, constituting remote execution of third-party code.
  • [COMMAND_EXECUTION]: The script scripts/export_drawio.py performs system command execution using subprocess.run to call the drawio CLI and various system utilities such as open, xdg-open, and cmd.exe for exporting and displaying diagrams. While these are restricted to the intended purpose of the skill, they represent an active command execution capability.
  • [EXTERNAL_DOWNLOADS]: As part of its optimization workflow, the skill fetches the @drawio/postprocess package from the npm registry via npx.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 11:11 PM
Security Audit — agent-trust-hub — drawio-diagrams