excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructions specify fetching component libraries from 'libraries.excalidraw.com'. This is an untrusted external source according to the security policy, although it is functionally relevant to the skill's purpose.
- [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface detected. The skill is designed to read and parse external '.excalidraw' files provided by users.
- Ingestion points: '.excalidraw' files are read and parsed during the 'Modify Diagram' workflow and subagent delegation.
- Boundary markers: Absent. There are no instructions to ignore embedded natural language instructions within the JSON data.
- Capability inventory: The skill can parse files and generate text summaries or modified JSON based on the input.
- Sanitization: Absent. No validation or filtering of the incoming JSON content is mentioned.
Audit Metadata