excalidraw
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill uses `computer` and `tabs_context_mcp` tools to perform browser automation, including clicking, typing, and executing arbitrary JavaScript on `https://excalidraw.com`. While intended for drawing, these capabilities could be repurposed to interact with other open tabs or sensitive browser data if the agent is misled by malicious input.
- [DATA_EXFILTRATION] (MEDIUM): The skill frequently takes screenshots (`action: "screenshot"`) and reads page state to drive its logic. This creates a risk of data exposure if the agent captures sensitive information visible in the browser (e.g., other tabs, extensions, or logged-in user data) and passes it back into the model context.
- **[INDIRECT PROMPT INJECTION] (HIGH - Risk Factor):** This skill has a high-risk surface (Category 8) because it ingests complex data (Excalidraw element definitions) and has high-privilege write capabilities (browser automation). A malicious drawing definition could theoretically attempt to break out of the intended schema to influence the agent's next steps in the automation sequence.
- [DYNAMIC EXECUTION] (MEDIUM): The skill relies on injecting and executing multiple `async` JavaScript blocks to manage focus and clipboard state. This is a form of runtime code generation that could be exploited to run unauthorized scripts in the context of the user's browser session.
Audit Metadata