excalidraw-skill
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted text data from Excalidraw elements (e.g., shape labels) which could be used to influence agent behavior. (1) Ingestion points: Element text and labels retrieved via 'describe_scene' and 'export-elements.cjs'. (2) Boundary markers: No delimiters or protective instructions are used to isolate element content. (3) Capability inventory: Local file writing and network requests to arbitrary URLs. (4) Sanitization: No filtering of input text is performed.
- [Data Exposure & Exfiltration] (LOW): The scripts perform network operations to user-supplied URLs and interact with the local filesystem to read and write element data, representing a surface for potential exfiltration to non-whitelisted domains if the target server is redirected.
Audit Metadata