skills/jgraph/drawio-mcp/drawio/Gen Agent Trust Hub

drawio

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided descriptions to generate mxGraphModel XML, creating an indirect prompt injection surface.
      • Ingestion points: User instructions provided via the /drawio command or natural language diagram requests are used to generate XML content (SKILL.md).
      • Boundary markers: Absent; the instructions do not include specific delimiters or warnings to the agent to disregard instructions that might be embedded within the user's diagram description.
      • Capability inventory: The skill utilizes the Bash tool for command execution and the Write tool for file creation (SKILL.md).
      • Sanitization: No explicit sanitization, validation, or escaping of the user-provided data is defined before it is used to generate the XML structure.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to facilitate diagram processing and viewing.
      • Invokes the draw.io desktop CLI (e.g., /Applications/draw.io.app/Contents/MacOS/draw.io or drawio.exe) to export XML to formats like PNG, SVG, or PDF (SKILL.md).
      • Uses platform-specific commands such as open, xdg-open, and start to launch the generated files in the system's default viewer (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 11:38 PM