siyuan-excalidraw
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to access and process a configuration file named `siyuan.json` which is documented to store sensitive authentication information, including a plaintext `username` and `password` for WebDAV access.
- [COMMAND_EXECUTION]: The execution flow involves the agent calling `subprocess.run` to execute the `scripts/upload_asset.py` script with arguments, creating a surface for command injection if the input parameters are not strictly controlled.
- [EXTERNAL_DOWNLOADS]: The skill requires the manual installation of the `requests` Python library via `pip`, which is used by the internal script to perform network operations.
- [DATA_EXFILTRATION]: The skill transmits data externally to a WebDAV server specified in the configuration; while this is a core feature, it involves sending user-generated content and credentials over the network.
- [PROMPT_INJECTION]: The skill includes indirect injection risk factors:
  - Ingestion points: The agent reads the `siyuan.json` file and processes user instructions to generate SVG content.
  - Boundary markers: There are no boundary markers or instructions to the agent to ignore potentially malicious content within the SVG data or the configuration file.
  - Capability inventory: The skill possesses the ability to write to the local file system and perform arbitrary HTTP PUT requests via the `requests` library in `upload_asset.py`.
  - Sanitization: While `upload_asset.py` performs basic character replacement on the file name (`topic`), it does not validate or sanitize the `svg_content` before writing it to disk or sending it to the remote server.
Audit Metadata