paper-figure
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates Python scripts (e.g.,
gen_fig*.py) and executes them using the Bash tool. While intended for plotting, this pattern of runtime code generation and execution is a capability that could be misused if malicious content is introduced. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted external data.
- Ingestion points: The skill reads experiment data from JSON/CSV files and figure plans from
PAPER_PLAN.md(Step 1, Step 4). - Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are used when the skill interpolates this data into generated code or the prompt for the
REVIEWER_MODEL(Step 7). - Capability inventory: The skill utilizes
Bash(*),Write, andEdittools, allowing for arbitrary command execution and file modification. - Sanitization: No validation, escaping, or filtering of the external data content is performed before it is used in code generation or sent to the model for review.
Audit Metadata