scientific-schematics
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute a Python bridge script located at${CLAUDE_PLUGIN_ROOT}/skills/collaborating-with-codex/scripts/codex_bridge.py. While this is the intended mechanism for delegating image generation, it relies on shell execution for its primary functionality. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted user data (diagram descriptions) and interpolates them directly into a shell command string.
- Ingestion points: User-provided diagram descriptions and 'hard constraints' are used to build the
--PROMPTargument for the Bash command inSKILL.md. - Boundary markers: No shell-escaping or boundary delimiters are specified to isolate the user-provided content from the command structure.
- Capability inventory: The skill has access to the
Bashtool andWrite/Editpermissions, allowing for significant system impact if the command is subverted. - Sanitization: There is no mention of sanitizing or escaping shell metacharacters (e.g.,
;,&&,|, backticks) in the description before interpolation.
Audit Metadata