scientific-visualization
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/figure_export.pyuses thesubprocessmodule to execute thepdffontsutility. This is used legitimately to verify that fonts are correctly embedded in generated PDF figures, which is a requirement for many academic submission portals. The command is executed using a list of arguments without a shell, which prevents command injection vulnerabilities. - [DATA_EXPOSURE]: The skill instructions and scripts involve reading data from and writing files to the local project directory (e.g.,
.writing/figures/data/and.writing/figures/). This file system access is strictly scoped to the project's figure generation workflow. - [SAFE_PRACTICES]: The
SKILL.mddefines explicit 'Confirmation gates' that instruct the agent to pause and ask for user permission before generating scripts, using data, or overwriting existing files. This reduces the risk of unintended autonomous actions.
Audit Metadata