excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- NO_CODE (SAFE): The skill is composed entirely of markdown documentation and JSON templates. No scripts (.py, .js, .sh) or executable files are included.
- DATA_EXPOSURE (SAFE): No hardcoded credentials, sensitive file paths, or network operations were found. The mention of 'dataURL' in the image reference is a standard part of the Excalidraw format and is used as a placeholder.
- PROMPT_INJECTION (SAFE): The instructions are strictly limited to explaining the Excalidraw file format and best practices for diagram design. There are no attempts to override agent behavior or bypass safety filters.
- INDIRECT_PROMPT_INJECTION (LOW): While the agent will interpolate user-provided text into diagram labels, the skill itself lacks any capabilities (like command execution or network access) that could be exploited via such an injection.