AGENT LAB: SKILLS

excalidraw-diagram-generator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external data.
  • Ingestion points: split-excalidraw-library.py (line 125) and add-arrow.py (line 155) read external JSON files.
  • Boundary markers: Absent. There is no logic to isolate natural language content within the JSON from the agent's instruction stream.
  • Capability inventory: The agent can read, write, and rename files on the local filesystem.
  • Sanitization: Only filename sanitization is performed in split-excalidraw-library.py (line 32); content interpretation by the agent remains unsanitized.
  • COMMAND_EXECUTION (MEDIUM): The scripts perform file system operations (os.rename, Path.unlink, open().write()) using paths provided via command-line arguments. If an agent is manipulated via prompt injection, these scripts could be used to overwrite or corrupt sensitive system files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:53 PM