drawio
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction override, safety bypass, or role-play injection were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive system paths, hardcoded credentials, or non-whitelisted network domains.
- [Command Execution] (SAFE): The inclusion of a command to run the draw.io CLI for PNG export is standard and directly supports the primary function of the skill without introducing unnecessary risk.
- [Indirect Prompt Injection] (SAFE): Ingestion points: The skill processes .drawio XML files; Boundary markers: Not specified in the skill instructions; Capability inventory: Execution of the drawio CLI command; Sanitization: Not specified. While the agent processes external data, the skill defines a legitimate and constrained use case for document editing.