feasibility-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes an example command to execute a local Python script (.claude/skills/project-diagrams/scripts/generate_schematic.py) using the Bash tool. This is a functional instruction for generating visualization diagrams within the agent's environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-supplied descriptions are interpolated into a shell command. Ingestion points: User-provided 'diagram description' in SKILL.md. Boundary markers: Absent in the command template. Capability inventory: The skill is permitted to use the Bash, Read, Write, and Edit tools. Sanitization: No sanitization or input validation is specified for the string passed to the shell. This is a characteristic of the suggested workflow rather than an active exploit.
  • [SAFE]: A comprehensive audit of the skill's reference materials, including guides on the scientific method, logical fallacies, and statistical pitfalls, confirms that the content is strictly educational. No remote downloads, data exfiltration, or obfuscated payloads were detected across any of the files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 11:17 AM