drawio-generator
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is generating and modifying .drawio files based on user input. These file operations are local to the workspace and restricted to the diagramming domain.
- [SAFE]: The use of a multi-agent architecture (generator, validator, and fixer) is a design pattern for handling complex logic and does not introduce security vulnerabilities in this context.
- [SAFE]: Installation and resource references point to the author's official repository on GitHub, following standard practices for skill distribution.
- [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network operations were found in the skill's instructions or supporting scripts.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data (user descriptions, code snippets, or existing XML files) to derive diagram structures.
- Ingestion points: SKILL.md (Phase 1: Understand) and agents/xml-generator.md ingest user-provided text, code, and schemas.
- Boundary markers: Absent. The skill treats the ingested data as the source of truth for the diagram structure without explicit delimiters.
- Capability inventory: The skill can write .drawio files to the filesystem and spawn subagents using the Agent tool.
- Sanitization: The validation phase (agents/xml-validator.md) checks for XML schema compliance and diagram quality but does not specifically sanitize for prompt injection attempts within the metadata or labels.
Audit Metadata