drawio

Benign. The skill focuses on local, user-driven diagram generation and export via the draw.io desktop CLI with explicit, user-controlled workflows. There are no credential requirements, no remote data transfers, and no execution of untrusted binaries or pipelines. The data flow is confined to the user’s machine (input prompts → local .drawio XML → local exports). The only potential risk is if the user inadvertently runs imports/exports with untrusted files, but this is inherent to any diagramming workflow and not a security flaw in the skill design itself.