drawio-diagram

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to dynamically download and execute the @drawio/mcp package from the NPM registry. This package belongs to a well-known diagramming service and is used for its intended purpose of opening diagrams in a browser environment.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the drawio desktop CLI for exporting diagrams to formats like PNG, SVG, and PDF. It also utilizes system commands such as open, xdg-open, or start to display the generated files to the user.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests user-provided text to generate XML, Mermaid, or CSV diagram content.
      • Ingestion points: User requests for specific diagram content and logic (SKILL.md).
      • Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands within the user-provided diagram data.
      • Capability inventory: Shell command execution via the drawio CLI and npx, and file-writing capabilities to the local working directory (SKILL.md).
      • Sanitization: The skill mentions XML attribute escaping for well-formedness but does not implement comprehensive validation or sanitization of the user-provided strings before interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 01:37 AM