draw-io-diagram-generator
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or credentials were found in the skill files or scripts.
- [COMMAND_EXECUTION]: The skill executes local Python scripts ('validate-drawio.py' and 'add-shape.py') to assist with diagram maintenance. These scripts are restricted to XML processing using standard libraries and do not perform dangerous system operations.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. 1. Ingestion points: The skill reads existing '.drawio' files (SKILL.md Section 6). 2. Boundary markers: Absent. 3. Capability inventory: XML generation and file writing. 4. Sanitization: Absent; diagram content is interpreted by the agent. This represents the inherent risk of processing untrusted diagram data.
Audit Metadata