excalidraw

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to read codebase content and reproduce text and details verbatim in the generated diagrams. Maliciously crafted comments or documentation in the analyzed codebase could influence the agent's behavior or cause it to display deceptive information.
      • Ingestion points: Codebase files (via external reading tools) and user-provided sample diagrams.
      • Boundary markers: Absent. The skill explicitly directs the agent to "Preserve ALL text and detail" and "reproduce it verbatim."
      • Capability inventory: Writing to the local filesystem (export_to_image, export_scene), updating a live canvas (batch_create_elements), and transmitting data to an external service (export_to_excalidraw_url).
      • Sanitization: Absent. There are no instructions to validate or sanitize content extracted from the codebase before processing it.
  • [COMMAND_EXECUTION]: The skill utilizes tools that can write files to the local filesystem (export_to_image, export_scene). These tools accept a filePath parameter which allows writing to arbitrary locations, creating a risk of overwriting sensitive files if the agent is manipulated into selecting an unsafe path.
  • [DATA_EXFILTRATION]: The skill provides a tool (export_to_excalidraw_url) that sends the current canvas state to Excalidraw's official service to generate a shareable URL. Users should be aware that architectural details of their systems will be transmitted to this third-party platform when using this feature.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 05:54 AM