excalidraw-diagram

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's mandatory Render & Validate step runs references/render_template.html which imports the Excalidraw module from the public CDN https://esm.sh/@excalidraw/excalidraw (a runtime fetch of third-party code), so untrusted remote content can influence the rendered PNG that the agent is instructed to read—creating a vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's rendering template dynamically imports and executes remote JavaScript from https://esm.sh/@excalidraw/excalidraw?bundle in the headless Chromium render step, so this external URL is fetched at runtime, executes remote code, and is required for the skill to function.