auto-draw-plot
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill follows best practices for AI agent safety:
- Domain Whitelisting: External network requests for image generation are strictly validated against a whitelist of trusted domains (including benszresearch.com and Google APIs).
- Credential Safety: API keys from configuration files (e.g., ~/.codex/auth.json, remote.env) are handled securely and masked in all debug and manifest output.
- Path Security: Workspace and output paths are validated to ensure they remain within the project root, preventing unauthorized file system access.
- Command Safety: Subprocess commands for internal task management (e.g., in parallel-vibe workflows) are constructed using proper shell quoting (shlex.quote) to prevent command injection.
Audit Metadata