excalidraw-diagram

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) as it is designed to ingest and process arbitrary external content to generate visual diagrams.
  • Ingestion points: The skill reads content from external sources including repositories, specifications, architecture descriptions, workflows, and PR bodies (referenced in SKILL.md workflow steps).
  • Boundary markers: The instructions lack explicit boundary markers, delimiters, or guidance to the agent to disregard instructions potentially embedded within the source material.
  • Capability inventory: The skill has the capability to write files to the filesystem (.excalidraw files) and invoke external tools/MCPs to render or verify diagrams (referenced in SKILL.md).
  • Sanitization: No sanitization, escaping, or validation logic is defined for the input data before it is incorporated into the prompt context for diagram generation.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform file system operations, specifically writing editable .excalidraw files to the current directory or a docs/ folder. It also encourages the use of the Excalidraw MCP or CLI tools for drawing and verification tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 01:15 PM
Security Audit — agent-trust-hub — excalidraw-diagram