scientific-schematics

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Metadata Poisoning] (MEDIUM): The README and scripts claim to utilize 'Gemini 3 Pro' for quality review, which is a non-existent model. This misleading metadata can cause users to misjudge the tool's capabilities or safety based on false technical claims.
  • [Command Execution] (MEDIUM): The file scripts/generate_schematic.py uses subprocess.run to execute a local Python script generate_schematic_ai.py. This core logic file is missing from the provided source, preventing a full security audit of how it processes input and interacts with the system.
  • [Prompt Injection] (MEDIUM): User-supplied diagram descriptions are passed directly to AI models without visible boundary markers or sanitization. This creates a vulnerability to adversarial prompts that could attempt to override the agent's instructions or extract sensitive configuration data.
  • [Dynamic Execution] (MEDIUM): The script test_ai_generation.py uses sys.path.insert to modify the Python search path and dynamically import modules. This pattern can be exploited for local code injection if the directory structure is compromised.
  • [Unverifiable Dependencies] (LOW): The skill requires the requests library, which is a standard but external dependency downloaded from a public registry (PyPI).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:56 AM