excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines patterns for processing external diagram files which may contain instructions embedded by an attacker to influence subagent behavior.\n
- Ingestion points: Processes text and data from
*.excalidrawand*.excalidraw.jsonfiles.\n - Boundary markers: The provided 'Subagent Task Templates' do not define delimiters (such as XML tags or clear separators) to isolate external diagram data from the subagent's task instructions.\n
- Capability inventory: Subagents are explicitly tasked with read, create, and modify operations on the filesystem (e.g., 'Write updated file', 'Write to file.excalidraw.json').\n
- Sanitization: There are no instructions to validate or sanitize text labels or structural metadata extracted from the JSON before processing or re-writing.\n- [No Code] (SAFE): The skill is composed strictly of markdown documentation and guidance, with no executable scripts, binaries, or external library dependencies, which minimizes the direct execution risk.
Audit Metadata