excalidraw-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Excalidraw library from the esm.sh CDN and automates the installation of the Chromium browser via Playwright. Both sources are well-known and standard for web-based rendering tasks.
- [COMMAND_EXECUTION]: The skill executes a local Python rendering script (render_excalidraw.py) which invokes a headless browser. This execution is confined to the intended purpose of generating visual previews of diagrams.
- [PROMPT_INJECTION]: The skill's instructions focus exclusively on diagram design methodology and contain no instructions to bypass safety guardrails or override system behavior.
- [DATA_EXFILTRATION]: No sensitive file access or unauthorized network activity was detected. The data processed consists of diagram JSON generated by the agent based on user descriptions.
Audit Metadata