electronics-sourcing
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: Ingestion points: upload_bom, read_datasheet, and analyze_kicad_project (SKILL.md). Boundary markers: Not specified. Capability inventory: search_parts, compare_prices, and quote_fabrication (network operations via parts-mcp). Sanitization: No specific sanitization mentioned for external part data. While this creates a surface for indirect prompt injection from untrusted BOM files or datasheets, it is a standard operational risk for data-processing skills and no malicious exploitation is present.
- [COMMAND_EXECUTION]: The skill mentions using 'kicad-cli' for BOM extraction from KiCad projects. This is a legitimate use of a standard industry tool required for the skill's domain-specific functionality.
- [DATA_EXFILTRATION]: The skill accesses local files (BOMs and KiCad projects) for processing. This access is necessary for the stated purpose of component sourcing and manufacturing preparation. No unauthorized or suspicious network transmission of sensitive data was identified.
Audit Metadata