drawio-diagrams
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were found in the skill's code. It uses only standard Python libraries and operates locally.
- [EXTERNAL_DOWNLOADS]: The skill references technical documentation and source code from trusted sources including drawio.com and GitHub.
- [PROMPT_INJECTION]: The skill is subject to potential indirect prompt injection due to its core function of processing external XML data.
- Ingestion points: The script reads and parses .drawio files provided as input to commands like summary and list-cells.
- Boundary markers: There are no explicit markers or warnings used to distinguish diagram data from agent instructions in the output.
- Capability inventory: The skill has the capability to write to the local file system using commands like set-cell, apply-theme, and normalize-light.
- Sanitization: No sanitization or filtering of cell values or XML attributes is performed before they are processed or displayed.
Audit Metadata