excalidraw

SUSPICIOUS. The skill’s functional scope is mostly coherent and proportionate for diagram generation, with no clear credential harvesting or malicious data exfiltration. However, the supporting installation/trust evidence points to third-party personal GitHub repos and mutable container tags rather than official Excalidraw distribution, so supply-chain trust is the main concern.