skills/diodeinc/pcb/kicad-layout/Gen Agent Trust Hub

kicad-layout

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE

COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill employs pcb_execute_tools to run dynamically generated JavaScript code. This is the primary method for interacting with the KiCad API but constitutes a runtime code execution surface.
  • [COMMAND_EXECUTION]: The skill exposes an indirect prompt injection surface: it ingests data from KiCad board files (via kicad_get_board_summary and kicad_query in SKILL.md) without explicit boundary markers or sanitization. That data could contain malicious instructions that influence the agent's use of modification tools such as kicad_update_items.
  • [SAFE]: No evidence of data exfiltration, credential exposure, or unauthorized network communication was found. The skill's functionality is limited to the defined MCP toolset.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 03:04 PM