mouser
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The scripts use
subprocess.runto invoke local system utilities likepdftotextfor PDF verification and a sibling schematic analyzer script. These calls use controlled arguments and are standard for the tool's functionality. - [EXTERNAL_DOWNLOADS]: The skill downloads datasheet PDF files from Mouser Electronics and various semiconductor manufacturer websites (e.g., TI, Microchip). These are well-known, trusted industry sources, and the downloads are essential for the primary purpose of the skill.
- [DATA_EXFILTRATION]: The skill requires a
MOUSER_SEARCH_API_KEYenvironment variable for authentication. The documentation suggests a common developer workflow for loading environment variables from a local secrets file (~/.config/secrets.env), which is a standard practice and not a security risk when performed by the user. - [PROMPT_INJECTION]: No patterns of role-play, safety bypass, or instruction overrides were detected in the skill instructions or script comments.
- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it processes KiCad schematic files and JSON data to extract part numbers. While these inputs are untrusted, the skill employs sanitization logic for filenames and uses the data primarily for structured API lookups, which minimizes the risk of prompt manipulation.
Audit Metadata