drawio-skill
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the draw.io desktop application CLI to perform diagram exports and metadata embedding. It also executes bundled Python scripts (repair_png.py and encode_drawio_url.py) to handle binary file corrections and string encoding. Standard system utilities like mkdir and platform-specific open commands are used for file management.
- [EXTERNAL_DOWNLOADS]: Provides guidance for downloading the required draw.io application from official and trusted sources, including Homebrew and the official jgraph repository on GitHub.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present in the style extraction workflow which processes untrusted diagram data.
  - Ingestion points: The skill parses content from user-provided .drawio XML files and various image formats (PNG, JPG) in references/style-extraction.md.
  - Boundary markers: The instructions do not define delimiters or markers to isolate untrusted label data from the agent's context.
  - Capability inventory: The skill executes shell commands and writes to the local filesystem.
  - Sanitization: Extraction logic uses regex for semantic role mapping but does not implement filtering or sanitization for potential malicious instructions within diagram labels.
Audit Metadata