excalidraw-diagram-generator

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md "When User Requests Icons" workflow explicitly instructs fetching .excalidrawlib files from the public site https://libraries.excalidraw.com/ and reading the generated reference.md and icons/*.json under skills/.../libraries/. The agent is therefore expected to ingest untrusted third-party icon JSON and use it to shape diagram generation, which can change tool actions and outputs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 12:41 AM