Gen Agent Trust Hub: skills/onsager-ai/dev-skills/plan-dag

plan-dag

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python script scripts/plan-dag-render.py uses subprocess.run to execute the system utilities dot, unflatten, and node. This is required for the skill's core function of rendering diagrams. The script's validate function restricts the characters allowed in node labels and IDs so that issue-derived text cannot inject DOT syntax or commands; in particular it forbids double quotes and backslashes, the characters that could close a quoted label attribute or introduce a DOT escape sequence and so break out of the Graphviz DOT format.
  • [COMMAND_EXECUTION]: The Node.js helper scripts/svg-to-png.mjs runs npm root -g via execSync to locate the Playwright library. The command is a fixed string that takes no untrusted input; locating global modules this way is standard, and it is used here only to support SVG rasterization.
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub issue bodies and comments to build dependency edges.
    • Ingestion points: Data is fetched via GitHub MCP tools such as mcp__github__issue_read and mcp__github__list_comments.
    • Boundary markers: None; issue text is not delimited or tagged as untrusted before the agent reads it, and the skill transforms raw issue data directly into the diagram.
    • Capability inventory: The skill can run local scripts (Bash) and interface with GitHub.
    • Sanitization: The rendering script filters and escapes characters so that content in issue titles or labels cannot interfere with the rendering engine. This protects the DOT renderer; it does not by itself prevent instruction-like text in an issue from influencing the agent that builds the edges.
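The following is an added example, not code from plan-dag or its scripts/plan-dag-render.py, showing the two controls the findings above describe in working form: dependency edges are pulled out of issue bodies with a fixed regex so the body is treated purely as data, and node IDs and labels are validated (double quote, backslash and control characters rejected) before they are interpolated into DOT source, which is then handed to dot over stdin with an argv list rather than a shell. The "depends on / blocked by" syntax, the function names, the issue dict shape and the sample issues are all assumptions constructed for the example.

```python
import re
import shutil
import subprocess

# Added example (not the project's plan-dag-render.py): a deterministic edge
# extractor plus a validate-then-render pipeline of the kind the audit describes.
# Names, regexes and the "depends on / blocked by" syntax are assumptions.

DEP_RE = re.compile(r"\b(?:depends on|blocked by)\s+#(\d+)", re.IGNORECASE)
ID_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
FORBIDDEN_LABEL_CHARS = {'"', "\\"}  # the two characters the audit calls out


class UnsafeDotInput(ValueError):
    """Raised when issue-derived text could alter the DOT source."""


def extract_deps(body: str) -> list[int]:
    """Pull dependency references out of an issue body as plain data.

    A regex over a fixed syntax means instructions embedded in the body
    ("ignore previous instructions", a fake '# Comment' header, ...) can
    produce at most a bogus edge, never a command or a change of plan.
    """
    return [int(n) for n in DEP_RE.findall(body)]


def is_safe_label(label: str, max_len: int = 200) -> bool:
    """True when the label can sit inside a quoted DOT attribute.

    '"' would close the quoted attribute; '\\' introduces DOT escapes such
    as \\" and \\n; control characters are rejected so one label cannot
    span lines. Brackets and semicolons are harmless inside the quotes.
    """
    if not label or len(label) > max_len:
        return False
    return not any(c in FORBIDDEN_LABEL_CHARS or ord(c) < 0x20 for c in label)


def validate_id(node_id: str) -> str:
    if not ID_RE.fullmatch(node_id):
        raise UnsafeDotInput(f"bad node id: {node_id!r}")
    return node_id


def validate_label(label: str) -> str:
    if not is_safe_label(label):
        raise UnsafeDotInput(f"bad label: {label!r}")
    return label


def build_dot(nodes: list[tuple[str, str]], edges: list[tuple[str, str]]) -> str:
    """Assemble DOT source; every interpolated value passes validation first."""
    lines = ["digraph plan {"]
    for node_id, label in nodes:
        lines.append(f'  {validate_id(node_id)} [label="{validate_label(label)}"];')
    for src, dst in edges:
        lines.append(f"  {validate_id(src)} -> {validate_id(dst)};")
    lines.append("}")
    return "\n".join(lines)


def render_svg(dot_source: str) -> bytes:
    """Run Graphviz with an argv list and stdin: no shell, no temp-file names."""
    dot = shutil.which("dot")
    if dot is None:
        raise RuntimeError("graphviz 'dot' not found on PATH")
    proc = subprocess.run([dot, "-Tsvg"], input=dot_source.encode("utf-8"),
                          capture_output=True, check=True, timeout=30)
    return proc.stdout


def issues_to_dot(issues: list[dict]) -> str:
    """Build the plan DAG from issue dicts (assumed shape: number, title, body)."""
    known = {issue["number"] for issue in issues}
    nodes = [(f"issue_{i['number']}", i["title"]) for i in issues]
    edges = [(f"issue_{dep}", f"issue_{i['number']}")
             for i in issues for dep in extract_deps(i["body"]) if dep in known]
    return build_dot(nodes, edges)


# Constructed sample issues, including one title that tries to break out of
# the label attribute; the validator rejects it instead of rendering it.
SAMPLE_ISSUES = [
    {"number": 7, "title": "Write tests", "body": "Covers the login flow."},
    {"number": 12, "title": "Add login page", "body": "Blocked by #7, see #99 in passing."},
]
HOSTILE_ISSUE = {"number": 13, "title": 'Fix"]; evil [label="x',
                 "body": "depends on #12"}

if __name__ == "__main__":
    print(issues_to_dot(SAMPLE_ISSUES))
    try:
        issues_to_dot(SAMPLE_ISSUES + [HOSTILE_ISSUE])
    except UnsafeDotInput as exc:
        print("rejected:", exc)
```

Note that the label check is an allow-by-exclusion on exactly the characters that matter inside a quoted DOT attribute: square brackets and semicolons in a title are fine because they never leave the quotes, whereas a single `"` or `\` is enough to end the attribute or start an escape. The edge extractor deliberately ignores bare `#99` mentions; only the fixed keyword forms create an edge, so free text in an issue has no other path into the graph.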
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 10:41 PM