Skills
skills/diodeinc/pcb/component-search/Gen Agent Trust Hub

component-search

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the pcb CLI tool for component searches, documentation viewing, and bill of materials (BOM) generation within a project.
  • [EXTERNAL_DOWNLOADS]: Downloads electronic design assets, including symbols, footprints, and STEP models, from the vendor's web database and registry using the pcb new component command.
  • [REMOTE_CODE_EXECUTION]: Loads remote design modules directly from the vendor's GitHub registry using the Module() function; this is a standard feature for fetching official registry components.
  • [PROMPT_INJECTION]: The skill processes component metadata from external registries and web databases, which could serve as a vector for indirect prompt injection.
  • Ingestion points: Component search results from registry:modules, registry:components, and web:components in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions to ignore instructions within component data are present.
  • Capability inventory: The skill can download and import components into the workspace (pcb new component) and execute file-based operations.
  • Sanitization: No verification or sanitization of external metadata is specified before it is handled by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 09:19 PM