draw-io
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes a bash script (`convert-drawio-to-png.sh`) that invokes the `drawio` CLI for image conversion and uses `git add` to automatically stage generated PNG files. This is a legitimate functional requirement for the intended workflow but grants the agent the capability to modify the repository's git index.
- PROMPT_INJECTION (LOW): The skill is designed to parse and manipulate `.drawio` XML files which contain user-controlled text elements. This represents an indirect prompt injection surface (Category 8) where malicious instructions could be embedded in diagram labels to influence agent behavior during processing.
  - Ingestion points: `.drawio` XML files are directly read and edited by the agent as part of its layout adjustment tasks.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when the agent processes the XML content.
  - Capability inventory: The agent has the ability to execute shell scripts, run the `drawio` CLI, and modify the git state via `git add`.
  - Sanitization: The skill does not perform sanitization or validation of the XML text content before the agent interprets it for layout calculations.
Audit Metadata