draw-io
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes a bash script
scripts/convert-drawio-to-png.shwhich executes thedrawioCLI andgit add. These operations are standard for the tool's purpose of automating diagram exports and version control staging. - EXTERNAL_DOWNLOADS (SAFE): While the skill mentions environment managers like
miseandpre-commit, it does not contain any code that performs unverified remote downloads or executes scripts from untrusted external URLs. - DATA_EXFILTRATION (SAFE): No network activity or access to sensitive credentials/files was detected. The scripts operate strictly on local diagram files and internal reference documentation.
Audit Metadata