Skills
skills/edwingao28/excalidraw-skill/auto-diagram/Gen Agent Trust Hub

auto-diagram

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to execute shell commands to start a local server using npx excalidraw-toolkit start. While this is a common developer workflow for this specific tool, it involves downloading and executing external code at the user's discretion.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it is designed to ingest and process untrusted data from arbitrary codebases.
  • Ingestion points: The analysis pipeline uses ls, read_file, glob, and grep (SKILL.md) to read file names and content from any repository the agent is directed to analyze.
  • Boundary markers: The instructions do not include boundary markers or explicit directives to the agent to ignore or isolate instructions that might be embedded within the files being read.
  • Capability inventory: The agent has access to file system tools (ls, read_file, grep, glob) and the mcp__excalidraw__* tool suite for canvas manipulation.
  • Sanitization: No sanitization or validation of the content read from the codebase is performed before it is processed by the agent. An attacker could place malicious instructions in comments or metadata within a repository to influence the agent's behavior during analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 12:29 PM