paper-figure

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates the execution of generated Python scripts. It uses a bash loop to run all files matching gen_fig*.py to produce visual outputs.
  • [PROMPT_INJECTION]: There is an indirect prompt injection surface as the skill processes user-provided PAPER_PLAN.md and experiment data files (JSON/CSV). The agent uses these inputs to determine the logic for the generated Python scripts. This behavior is consistent with the skill's primary purpose of data-driven visualization.
      • Ingestion points: PAPER_PLAN.md, JSON/CSV data files, and $ARGUMENTS.
      • Boundary markers: None explicitly defined for untrusted data.
      • Capability inventory: Uses Bash, Write, Edit, and mcp__codex__codex tools.
      • Sanitization: Code generation follows structured templates (e.g., paper_plot_style.py), reducing the risk of arbitrary code injection from data sources.
  • [SAFE]: The skill references established scientific computing libraries and follows best practices for publication-quality plotting, such as using vector formats (PDF) and consistent styling.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:40 PM