drawio-diagram
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected in the skill files. The skill's primary function is to generate structured XML text for visualization.
- [EXTERNAL_DOWNLOADS]: The skill references Draw.io's official web application (app.diagrams.net) and documentation (drawio.com). These are well-known services related to the skill's core purpose.
- [PROMPT_INJECTION]: The skill processes untrusted data such as user descriptions and project code to generate diagram XML.
- Ingestion points: User-provided text descriptions and project code files referenced in reference/generation.md and reference/style-migration.md.
- Boundary markers: Not explicitly defined for inputs; however, the skill generates output within a rigid XML schema template.
- Capability inventory: The skill is limited to generating XML strings. It contains no instructions for subprocess execution, file system modification, or network requests.
- Sanitization: The skill provides explicit instructions in SKILL.md and reference/generation.md to escape special characters like '&', '<', and '>' to ensure valid XML formatting and prevent injection issues.
Audit Metadata