drawio
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the draw.io command-line interface to export diagrams. These commands are restricted to the intended purpose of the skill and use standard flags for file conversion (e.g., -x, -f, -o). On Linux, it correctly uses xvfb-run for headless operation.
- [EXTERNAL_DOWNLOADS]: The documentation references the official JGraph Draw.io desktop releases on GitHub (https://github.com/jgraph/drawio-desktop/releases) for installation. This is a trusted and well-known software source.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. The skill operates on local files generated during the session. Network activity is limited to downloading the necessary application (by the user) and displaying the author's payment QR codes hosted on GitHub.
- [PROMPT_INJECTION]: The instructions do not contain any patterns designed to bypass agent safety filters or override system instructions. It uses natural instructional language to guide diagram generation.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were detected in the skill files or metadata.
Audit Metadata