analyze-power-nets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted external data and uses it to drive agent logic.
- Ingestion points: Ingests '.kicad_pcb' files via 'analyze_pcb' and external data via 'WebSearch' in Step 3a.
- Boundary markers: Absent. No delimiters or instructions are provided to the agent to ignore instructions embedded in the PCB files or search results.
- Capability inventory: The skill executes Python code blocks and generates '--power-nets' routing commands for use in other tools.
- Sanitization: Absent. There is no evidence of validation or escaping for component values or search results before they are used in logic or output commands.
- [Unverifiable Dependencies] (MEDIUM): The skill imports functions from 'analyze_power_paths' (Category 4). This module is not a standard library and does not originate from a recognized trusted source, posing a risk of executing unverified code.
- [Command Execution] (LOW): The skill uses Python execution blocks to process hardware data. While this is a core feature, it provides a mechanism for potential exploitation if the input data is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata