Excalidraw Flowchart
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @swiftlysingh/excalidraw-cli NPM package from an unverified source not listed in the trusted vendors list.
- [REMOTE_CODE_EXECUTION]: The SKILL.md instructions utilize npx to execute the unverified CLI tool directly, which results in the execution of remote code from the NPM registry during the skill's operation.
- [COMMAND_EXECUTION]: The skill defines command-line patterns that interpolate user-provided DSL into shell strings (e.g., npx ... --inline "YOUR_DSL_HERE"). This structure is vulnerable to command injection if a malicious user provides input containing shell metacharacters like semicolons or backticks.
- [DATA_EXFILTRATION]: The skill's DSL supports image embedding using local file paths (e.g., ![path], @decorate path). An attacker could provide a path to a sensitive local file (such as SSH keys or configuration files) which might then be processed by the CLI tool and included in the output Excalidraw file.
- [PROMPT_INJECTION]: The skill ingests untrusted natural language from the user to generate diagrams without using explicit boundary markers or instruction-ignoring delimiters.
  - Ingestion points: User natural language request processed in Step 1 of SKILL.md.
  - Boundary markers: Absent; no delimiters or "ignore" instructions are used when passing user-derived content to the CLI.
  - Capability inventory: File writing (-o flag) and subprocess execution (npx).
  - Sanitization: Absent; no evidence of validation or escaping for the user-provided DSL content.
Audit Metadata