Skills
skills/thomast1906/github-copilot-agent-skills/drawio-mcp-diagramming/Gen Agent Trust Hub

drawio-mcp-diagramming

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes Python maintenance scripts that fetch icon metadata and stencil definitions from the official jgraph/drawio repository on GitHub. These downloads target well-known services and are used to update static local reference files.
  • [COMMAND_EXECUTION]: The agent is instructed to use the grep utility on local text files to verify icon paths. This is a secure method for icon discovery that avoids runtime network dependencies and ensures data integrity.
  • [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it interpolates user-provided descriptions into XML diagrams.
  • Ingestion points: User-provided infrastructure descriptions (SKILL.md).
  • Boundary markers: Absent.
  • Capability inventory: drawio/create_diagram MCP tool.
  • Sanitization: Absent for user-supplied text labels.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 09:52 PM