excalidraw
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the @excalidraw/utils library from the esm.sh CDN to enable diagram rendering and export capabilities.
- [COMMAND_EXECUTION]: Executes shell commands to start and stop a local HTTP server (python3 -m http.server) used as a temporary origin for the browser-based export workflow.
- [REMOTE_CODE_EXECUTION]: Employs Playwright to execute JavaScript in a browser context, which includes dynamically importing rendering logic from a remote CDN.
- [DATA_EXFILTRATION]: Analyzes codebase files to identify components and relationships; no unauthorized external transmission of source code was detected.
Audit Metadata