excalidraw
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted user data without sanitization or boundary markers.
- Ingestion points: .excalidraw and .excalidraw.json files (SKILL.md).
- Boundary markers: Absent; subagent templates do not specify delimiters or instructions to ignore embedded commands within diagram text.
- Capability inventory: The workflow involves file reading and modification via subagent delegation (SKILL.md).
- Sanitization: Absent; the subagent is instructed to extract raw text elements which could contain adversarial instructions.
Audit Metadata