Skills
skills/thomast1906/github-copilot-agent-skills/azure-drawio-mcp-diagramming/Gen Agent Trust Hub

azure-drawio-mcp-diagramming

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes a maintenance script (scripts/search_azure2_icons_github.py) that fetches icon metadata from the official Draw.io GitHub repository (jgraph/drawio) to update the local catalog. This script is intended for periodic administrative use and is not executed by the agent during normal diagramming operations.\n- [PROMPT_INJECTION]: The skill processes user-provided content such as architecture descriptions or Terraform infrastructure code to generate diagram XML, which represents an indirect prompt injection surface.\n
  • Ingestion points: User-provided architecture requests and Terraform files (components/ folder).\n
  • Boundary markers: No explicit boundary markers or "ignore" instructions are specified for the XML payload construction.\n
  • Capability inventory: The skill calls the drawio/create_diagram tool to render diagrams.\n
  • Sanitization: Icon paths are validated against the local references/azure2-complete-catalog.txt file before the diagram is generated.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 03:15 PM