excalidraw-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize a file-writing capability (referred to as 'Write工具') to automatically save the generated diagram files to the current working directory. This behavior is consistent with the skill's primary purpose of file generation and follows a defined template for output.
- [EXTERNAL_DOWNLOADS]: The skill references well-known external services and repositories, including excalidraw.com, a GitHub repository for an Obsidian plugin, and a public animation previewer (dai-shi.github.io). These references are used for documentation and intended user workflow, not for remote code execution.
- [PROMPT_INJECTION]: The skill includes strict formatting instructions to ensure the output matches Excalidraw schemas. While it processes untrusted user data to generate diagram content, it includes sanitization rules (e.g., replacing specific characters) to maintain the integrity of the generated JSON and Markdown structures.
Audit Metadata