scientific-visualization

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/figure_export.py uses the subprocess module to execute the pdffonts utility. This is used legitimately to verify that fonts are correctly embedded in generated PDF figures, which is a requirement for many academic submission portals. The command is executed using a list of arguments without a shell, which prevents command injection vulnerabilities.
  • [DATA_EXPOSURE]: The skill instructions and scripts involve reading data from and writing files to the local project directory (e.g., .writing/figures/data/ and .writing/figures/). This file system access is strictly scoped to the project's figure generation workflow.
  • [SAFE_PRACTICES]: The SKILL.md defines explicit 'Confirmation gates' that instruct the agent to pause and ask for user permission before generating scripts, using data, or overwriting existing files. This reduces the risk of unintended autonomous actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 05:55 PM
Security Audit — agent-trust-hub — scientific-visualization