figures4papers-playbook

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute a local script, scripts/example_locator.py, to search through a list of figure templates.
  • [COMMAND_EXECUTION]: The agent is instructed to modify local Python plotting scripts and execute them using the python command to produce PNG and PDF outputs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted user data (e.g., labels, data arrays) into Python scripts that are subsequently executed by the agent. No explicit validation or boundary markers are defined in the instructions to sanitize this input. Evidence includes:
    1. Ingestion points: User-provided intent, data arrays, and chart labels (SKILL.md).
    2. Boundary markers: Absent in instructions.
    3. Capability inventory: Execution of Python scripts via subprocess calls.
    4. Sanitization: Absent; the agent is not instructed to validate or escape user input before generating script code.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 03:05 PM