paper-figures

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the execute tool to run a generated Python script (plot.py) and a bundled validation script (scripts/validate_figure.py) via the uv package manager. This is the primary method for producing the requested PNG output.
  • [DYNAMIC_EXECUTION]: The agent generates Python code at runtime using matplotlib and pandas based on natural language descriptions and tabular data. While this is the core function of the skill, it involves runtime assembly of executable code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external files to parameterize visualizations.
  • Ingestion points: Data is read from CSV file paths, JSON objects, or inline tables provided by the user.
  • Boundary markers: The workflow implements a figure-spec.md intermediate file that acts as a structural contract, separating the data analysis phase from the code generation phase.
  • Capability inventory: Uses write_file to create scripts and execute to run shell commands for rendering and validation.
  • Sanitization: The instructions do not specify sanitization of input data (e.g., column names or cell values) before they are used as labels or variables in the generated Python script.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 04:44 PM
Security Audit — agent-trust-hub — paper-figures