peer-review

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts using subprocess.run with list-based arguments, a secure method that prevents shell injection. It also instructs the agent to use an external script (pdf_to_images.py) within a known skill directory structure for processing presentation files.
  • [EXTERNAL_DOWNLOADS]: The schematic generation tool communicates with openrouter.ai to access generative AI models for creating and reviewing scientific diagrams. This network activity is consistent with the skill's stated purpose and targets a well-known service provider.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it is designed to process untrusted manuscript text and presentation images. This is identified as a low-risk architectural factor inherent to the document review use case; the skill partially mitigates it by instructing the agent to inspect presentations as images rather than parsing the PDF directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 14, 2026, 09:23 AM
Security Audit — agent-trust-hub — peer-review