ai-drawio
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute python -m http.server 8765 and use browser automation tools to view the generated diagram. While this starts a network-listening process, it is a standard method for local visualization of the skill's output.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by interpolating user-controlled titles and descriptions into a local HTML template.
  - Ingestion points: Diagram description and title provided by the user in the HTML template within SKILL.md.
  - Boundary markers: None present in the template.
  - Capability inventory: Python local server execution and browser navigation/screenshot capabilities.
  - Sanitization: No explicit sanitization or escaping of the user-provided strings is mentioned before interpolation.
Audit Metadata