excalidraw
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to install the
excalidraw-brute-export-clipackage and the Playwright browser engine vianpmandnpxif they are not already present. This represents the installation of third-party software from public registries at runtime.- [DATA_EXFILTRATION]: The workflow involves sending diagram data to the external servicehttps://kroki.ioviacurlto generate SVG exports. While this is a common utility for diagram rendering, it involves transmitting potentially sensitive content contained in the diagrams to a remote server.- [COMMAND_EXECUTION]: The skill utilizes shell access to executecurl,python, and theexcalidraw-brute-export-clitool. This broad execution capability is used for network operations and local file processing.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-supplied descriptions through the$ARGUMENTSvariable to generate complex Excalidraw JSON structures without sanitization. - Ingestion points: User-provided diagram descriptions in
SKILL.md. - Boundary markers: No delimiters or ignore instructions are used for the input data.
- Capability inventory: The skill has access to
Bash,Write, andReadtools. - Sanitization: No input validation or escaping mechanisms are implemented for the interpolated user content.
Audit Metadata