scientific-illustration-guide

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains Python functions that utilize the matplotlib library to generate visual diagrams. These functions perform file system operations to save the output (e.g., fig.savefig(output)) to the local environment, which is standard for data visualization tasks.
  • [PROMPT_INJECTION]: The diagram generation logic involves interpolating user-provided text labels directly into visual components. This creates a surface for indirect prompt injection where untrusted text input is processed into a static visual format.
      • Ingestion points: User-provided lists of dictionaries containing diagram labels in SKILL.md.
      • Boundary markers: None present.
      • Capability inventory: File system write access via matplotlib.
      • Sanitization: No validation or sanitization of input strings is performed before rendering.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 10:40 AM