excalidraw
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions direct the user or agent to clone a repository from an untrusted third-party GitHub account (yctimlin/mcp_excalidraw) to install the necessary MCP server component.
- [COMMAND_EXECUTION]: The installation and execution process involves running shell commands including 'npm ci', 'npm run build', and 'node', which execute code downloaded from the aforementioned external repository.
- [DATA_EXFILTRATION]: The skill utilizes an 'export_to_excalidraw_url' function that uploads the current canvas content to excalidraw.com to generate a shareable link, which constitutes external data transfer of potentially sensitive diagram content.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted text descriptions and Mermaid diagram code to generate visual elements.
  - Ingestion points: User-provided descriptions and Mermaid strings processed via create_from_mermaid.
  - Boundary markers: No delimiters or ignore-instruction warnings are present in the processing logic.
  - Capability inventory: The agent has the ability to create elements, manipulate the viewport, and perform network-based exports.
  - Sanitization: There is no evidence of input validation or sanitization before the data is passed to the drawing tools.
Audit Metadata