FlowForge

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill performs file read and write operations to manage configuration and save generated diagrams within its local environment. These activities are essential for core functionality and restricted to the skill's workspace.
  • [EXTERNAL_DOWNLOADS]: The documentation references the official Draw.io web interface, which is a well-known service for viewing and editing diagrams. This is provided for user guidance and does not involve automated or hidden downloads.
  • [PROMPT_INJECTION]: The skill processes untrusted user documents, presenting a surface for indirect prompt injection. This is mitigated by the skill's non-executable output format and a workflow that requires user confirmation before final diagram generation. Ingestion point: Step 1 (document processing); Boundary markers: Absent; Capability inventory: Local file I/O; Sanitization: XML entity escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 03:57 AM