draw-io
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses a local shell script to execute the 'drawio' CLI for image conversion and 'git' for staging files. These operations are restricted to the local workspace and are necessary for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS] (SAFE): No external downloads, remote script executions, or unverifiable dependencies were detected. The skill assumes local availability of the 'drawio' and 'python' environments.
- [DATA_EXFILTRATION] (SAFE): Analysis confirms no network requests (curl, wget, etc.) or attempts to access sensitive system files like credentials or SSH keys.
- [PROMPT_INJECTION] (SAFE): While the skill contains instructional language for the agent (e.g., 'YOU MUST' for margins), these are design constraints for diagramming and do not attempt to override system safety protocols.
Audit Metadata