excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs absolute directives like 'The Iron Law' and 'NEVER' to override agent decision-making regarding file handling.
- [PROMPT_INJECTION]: The skill processes untrusted content from Excalidraw diagrams, creating a surface for indirect prompt injection. Ingestion points: Processes .excalidraw and .excalidraw.json files via subagent delegation in SKILL.md. Boundary markers: Task templates request text-only summaries but lack explicit sanitization or instructions to ignore commands within the diagram data. Capability inventory: Subagents are authorized to read, write, and create files on the system. Sanitization: No validation or filtering is applied to text labels extracted from the JSON files.
Audit Metadata