scientific-schematics

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a Python bridge script located at ${CLAUDE_PLUGIN_ROOT}/skills/collaborating-with-codex/scripts/codex_bridge.py. While this is the intended mechanism for delegating image generation, it relies on shell execution for its primary functionality.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted user data (diagram descriptions) and interpolates them directly into a shell command string.
  • Ingestion points: User-provided diagram descriptions and 'hard constraints' are used to build the --PROMPT argument for the Bash command in SKILL.md.
  • Boundary markers: No shell-escaping or boundary delimiters are specified to isolate the user-provided content from the command structure.
  • Capability inventory: The skill has access to the Bash tool and Write/Edit permissions, allowing for significant system impact if the command is subverted.
  • Sanitization: There is no mention of sanitizing or escaping shell metacharacters (e.g., ;, &&, |, backticks) in the description before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — scientific-schematics