excalidraw-diagrams
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill interacts with a local Excalidraw server instance at http://localhost:3000 using standard curl-based API requests.
- [COMMAND_EXECUTION]: The skill instructions involve executing local commands to start the canvas server (`npm run canvas`) and to run a Python script for screenshots (`uv run`). These operations are necessary for the skill's stated purpose and do not show signs of malicious intent or privilege escalation.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it renders user-controlled text and Mermaid diagrams. This could allow an attacker to embed instructions in visual artifacts that the agent might inadvertently follow when verifying output.
  - Ingestion points: User-provided element `text` properties and `mermaidDiagram` payloads in `SKILL.md`.
  - Boundary markers: None specified in the instructions to separate data from instructions.
  - Capability inventory: Shell command execution (curl, npm, python), filesystem access for temporary artifacts (/tmp), and browser automation (playwright).
  - Sanitization: No explicit sanitization or filtering of input text before rendering is described.
Audit Metadata