figures4papers-python-plot-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Command Execution] (SAFE): The script scripts/run_figure.py uses subprocess.run to execute Python scripts found in the figure_* directories. While this executes code, it is restricted to the local workspace and is the primary intended function of the skill for validating figure output.
  • [Indirect Prompt Injection] (SAFE): The skill ingests data from local figure_* folders to execute scripts, presenting a theoretical injection surface. However, this is mitigated by the fact that it only targets files already present in the user's repository for the purpose of scientific plotting.
      • Ingestion points: figure_* source directories.
      • Boundary markers: Absent.
      • Capability inventory: subprocess.run in scripts/run_figure.py for script execution.
      • Sanitization: Absent.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, access to sensitive system paths, or network communication patterns were identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM