excalidraw-skill

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the Excalidraw canvas (e.g., text labels), which is then processed by the agent.
    • Ingestion points: describe_scene (via API response) and scripts/import-elements.cjs (via file input).
    • Boundary markers: Absent. No delimiters or specific instructions are provided to help the agent distinguish its own instructions from the content of the diagram elements.
    • Capability inventory: The skill can perform network requests (fetch) to a user-defined URL and write files to the local disk (fs.writeFileSync in scripts/export-elements.cjs).
    • Sanitization: Absent. Text content from the canvas is passed to the agent without filtering or escaping potentially malicious instructions.
  • [Data Exposure] (LOW): The file I/O operations in export-elements.cjs and import-elements.cjs allow the agent to read and write files on the local system. While these are intended for diagram data, they represent a capability that could be leveraged if the agent's logic is subverted.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 05:22 AM