excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
excalidrawCLI to perform all drawing and management tasks, requiring the agent to execute multiple shell commands. - [EXTERNAL_DOWNLOADS]: Setup instructions involve installing the
excalidraw-cliglobally from the author's GitHub repository (github:opencoredev/excalidraw-cli) using thebunpackage manager. - [DATA_EXFILTRATION]: The
excalidraw urlcommand transmits canvas data to the external serviceexcalidraw.comto create encrypted sharing links. This is an intended feature but involves sending user-generated content to a third-party platform. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external inputs.
- Ingestion points: Reads and processes data from external files via the
batch(JSON),mermaid(Mermaid diagrams), andimport(.excalidraw files) commands. - Boundary markers: Does not implement delimiters or provide instructions to the agent to ignore potentially malicious instructions embedded within these external files.
- Capability inventory: The agent possesses the ability to execute CLI commands, write files to the filesystem (e.g., via
--outflags on screenshots and exports), and perform network operations. - Sanitization: There is no evidence of validation or sanitization of the content within the ingested diagram files before they are parsed and rendered.
Audit Metadata