excalidraw

Warn

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various system commands for setup, maintenance, and operation:
      • It uses git to check for updates and pull the latest versions from the author's repository, which is triggered after user confirmation.
      • It utilizes npm and npx to install the excalidraw-brute-export-cli utility and associated Playwright browser binaries.
      • It instructs the agent to use sed to directly modify the JavaScript source code of the excalidraw-brute-export-cli package on macOS to adjust keyboard shortcut handling.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the excalidraw-brute-export-cli package and Playwright/Firefox components. These are external dependencies required for local diagram rendering.
  • [DATA_EXFILTRATION]: When exporting via the Kroki API, the skill sends the generated diagram JSON content to https://kroki.io. Users should be aware that their diagram data is processed by this external service.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 08:44 AM