drawio
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the Draw.io Desktop AppImage from the official jgraph GitHub repository. This external resource is a well-known tool used for the skill's primary purpose of diagram rendering.
- [COMMAND_EXECUTION]: To convert XML diagrams to PNG format, the skill provides command-line templates for the agent to use, including changing file permissions (
chmod +x) and executing the AppImage withxvfb-run. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). Evidence includes: Ingestion points: The agent takes user-supplied labels and descriptions to populate XML values. Boundary markers: No explicit delimiters or safety instructions are provided to the agent to treat this user content as untrusted. Capability inventory: The agent has file-writing capabilities and is instructed on how to execute shell commands for rendering. Sanitization: No sanitization or escaping of user input is specified before inclusion in the XML attributes.
- [NO_CODE]: The skill is entirely composed of documentation and XML templates without local executable code. However, it makes several references to an external utility script,
fix_drawio_edges.py, which is not included in the provided file set.
Audit Metadata