skills/huangwb8/skills/auto-draw-plot/Gen Agent Trust Hub

auto-draw-plot

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill follows best practices for AI agent safety:
  • Domain Whitelisting: External network requests for image generation are strictly validated against a whitelist of trusted domains (including benszresearch.com and Google APIs).
  • Credential Safety: API keys from configuration files (e.g., ~/.codex/auth.json, remote.env) are handled securely and masked in all debug and manifest output.
  • Path Security: Workspace and output paths are validated to ensure they remain within the project root, preventing unauthorized file system access.
  • Command Safety: Subprocess commands for internal task management (e.g., in parallel-vibe workflows) are constructed using proper shell quoting (shlex.quote) to prevent command injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 01:32 AM
Security Audit — agent-trust-hub — auto-draw-plot