excalidraw-diagram
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) as it is designed to ingest and process arbitrary external content to generate visual diagrams.
- Ingestion points: The skill reads content from external sources including repositories, specifications, architecture descriptions, workflows, and PR bodies (referenced in
SKILL.mdworkflow steps). - Boundary markers: The instructions lack explicit boundary markers, delimiters, or guidance to the agent to disregard instructions potentially embedded within the source material.
- Capability inventory: The skill has the capability to write files to the filesystem (
.excalidrawfiles) and invoke external tools/MCPs to render or verify diagrams (referenced inSKILL.md). - Sanitization: No sanitization, escaping, or validation logic is defined for the input data before it is incorporated into the prompt context for diagram generation.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations, specifically writing editable
.excalidrawfiles to the current directory or adocs/folder. It also encourages the use of the Excalidraw MCP or CLI tools for drawing and verification tasks.
Audit Metadata