excalidraw-skill
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [SAFE]: No malicious code, obfuscation, or hardcoded credentials were detected in the skill files or scripts. No sensitive local file access was observed.
- [COMMAND_EXECUTION]: The skill utilizes Node.js scripts (located in
scripts/*.cjs) to interact with a canvas server via HTTP. These scripts facilitate management tasks such as clearing the canvas, creating, updating, and deleting elements, as well as exporting and importing diagram data. - [DATA_EXFILTRATION]: The tool
export_to_excalidraw_urltransmits canvas data to the well-known serviceexcalidraw.comto generate shareable links. This behavior is documented and consistent with the skill's purpose. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it ingests and processes untrusted text data from the Excalidraw canvas.
- Ingestion points: Tools such as
describe_scene,query_elements, andget_elementread element metadata and text labels from the canvas server (defaulting tolocalhost). - Boundary markers: The instructions do not implement specific delimiters or "ignore instructions" warnings when processing text retrieved from diagram labels.
- Capability inventory: The agent has the ability to execute shell commands (via the provided scripts), perform file system writes (via
export-elements.cjs), and conduct network operations via HTTP. - Sanitization: No validation or sanitization is performed on the element text retrieved from the canvas server before it is returned to the agent context.
Audit Metadata