Security audit

Drawio Generator.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates editable draw.io links and does not show hidden installs, local data access, persistence, or destructive behavior.

Before installing, be aware that diagram content may be embedded in a diagrams.net link and shared with that external service when opened. Avoid including secrets or confidential architecture details unless that is acceptable. The publisher should narrow the trigger wording, but the inspected behavior is coherent and proportionate.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The activation condition is extremely broad, covering essentially any request for a visual representation, which can cause the skill to trigger in many unrelated contexts. Over-broad invocation increases the chance that untrusted user content is funneled into code-generation and script-execution workflows without sufficient user intent, validation, or least-privilege routing.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal