Excalidraw Flowchart
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires an external CLI tool `@swiftlysingh/excalidraw-cli` which is not from a pre-approved trusted source. It also suggests using `npx` to execute this package directly from the registry without version pinning, which poses a risk of supply chain attacks if the package is compromised.
- [COMMAND_EXECUTION] (LOW): The skill generates and executes shell commands using `npx` or `npm`. While these are based on user-provided descriptions, the structure uses heredocs and inline strings which could be manipulated if the agent doesn't properly sanitize the generated DSL before execution.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): Category 8 analysis:
  - Ingestion points: Processes natural language descriptions from the user to generate diagrams (SKILL.md).
  - Boundary markers: None. The DSL is interpolated directly into shell commands (`--inline "YOUR_DSL_HERE"`).
  - Capability inventory: Execution of external CLI via `npx` and file writing to the local filesystem (`-o flowchart.excalidraw`).
  - Sanitization: No explicit sanitization of the DSL input is mentioned before it is passed to the shell command. An attacker could potentially craft a diagram description that attempts to break out of the DSL string and execute arbitrary shell commands.
Audit Metadata