paper-figures
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
executetool to run a generated Python script (plot.py) and a bundled validation script (scripts/validate_figure.py) via theuvpackage manager. This is the primary method for producing the requested PNG output. - [DYNAMIC_EXECUTION]: The agent generates Python code at runtime using
matplotlibandpandasbased on natural language descriptions and tabular data. While this is the core function of the skill, it involves runtime assembly of executable code. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external files to parameterize visualizations.
- Ingestion points: Data is read from CSV file paths, JSON objects, or inline tables provided by the user.
- Boundary markers: The workflow implements a
figure-spec.mdintermediate file that acts as a structural contract, separating the data analysis phase from the code generation phase. - Capability inventory: Uses
write_fileto create scripts andexecuteto run shell commands for rendering and validation. - Sanitization: The instructions do not specify sanitization of input data (e.g., column names or cell values) before they are used as labels or variables in the generated Python script.
Audit Metadata