skills/ndpvt-web/arxiv-claude-skills/paperbanana-automating-academic-illustration/Gen Agent Trust Hub
paperbanana-automating-academic-illustration
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs dynamic execution by generating Python scripts at runtime and instructing the agent to execute them. The workflow in SKILL.md (Step 6) explicitly commands: "Write and execute the rendering code." The provided examples demonstrate the generation of matplotlib code that incorporates user-supplied labels, data values, and structural components into executable logic.
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection as it processes and interpolates untrusted external data into its reasoning and execution loop.
- Ingestion points: The skill ingests user-provided text, research paper sections, abstracts, and conceptual descriptions as specified in the "When to Use" and "Step-by-Step Workflow" sections of SKILL.md.
- Boundary markers: The instructions do not provide any boundary markers, delimiters, or guidance to treat the ingested data as untrusted, increasing the likelihood that the agent will follow instructions embedded within that data.
- Capability inventory: The agent has the capability to write and execute Python code using libraries like matplotlib and seaborn, as well as the ability to save files to the local file system (e.g., plt.savefig commands in Step 6 and Step 10).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the input data before it is used to generate the structured content plan or the final rendering code.
Audit Metadata