nsfc-roadmap
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `subprocess` module in `scripts/render_roadmap.py` to execute external commands. Specifically, it calls the `drawio` CLI to render diagrams and can execute `brew install --cask drawio` to handle dependency installation on macOS systems.
- [EXTERNAL_DOWNLOADS]: In `scripts/render_roadmap.py`, the skill includes functionality to automatically install the Draw.io application using the Homebrew package manager if configured by the user (`auto_install_macos: true`). While targeted at a well-known service, this involves downloading and executing third-party software at runtime.
- [PROMPT_INJECTION]: The skill processes untrusted content from user-supplied research proposals via `scripts/extract_proposal.py`. This content is interpolated into prompts for the Gemini image generation model in `scripts/generate_roadmap.py` without robust boundary markers or sanitization.
  - Ingestion points: `scripts/extract_proposal.py` reads user-provided `.tex` and `.md` files.
  - Boundary markers: Absent in the prompt construction logic within `_build_nano_banana_prompt`.
  - Capability inventory: The skill can perform network operations (Gemini API) and write files to the output directory.
  - Sanitization: No specific sanitization or escaping is applied to the extracted text before it enters the LLM prompt context.
Audit Metadata