skills/aklofas/kicad-happy/bom/Gen Agent Trust Hub

bom

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes metadata (symbol properties like Description, Notes, and MPN) from KiCad schematic (.kicad_sch) and board (.kicad_pcb) files.
    1. Ingestion points: .kicad_sch and .kicad_pcb files provided by users.
    2. Boundary markers: Not present; the skill lacks specific instructions to ignore malicious commands embedded in component fields.
    3. Capability inventory: File system read/write access and shell command execution.
    4. Sanitization: No validation or sanitization of extracted string properties is performed before processing.
  • [COMMAND_EXECUTION]: The skill instructs on running the generate_interactive_bom command to produce assembly documentation.
  • [EXTERNAL_DOWNLOADS]: The skill suggests installing the InteractiveHtmlBom package via pip. This is a well-known and standard utility within the electronics design community.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 10:59 AM