eda-drc
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted design files, which serve as a potential vector for indirect prompt injection. Evidence Chain:
  1. Ingestion points: `hardware/*.kicad_sch`, `hardware/*.kicad_pcb`, and `docs/design-constraints.json`.
  2. Boundary markers: Absent; there are no explicit delimiters or instructions for the agent to ignore embedded text in design files.
  3. Capability inventory: MCP tools for KiCad and JLC, and file system Write access for reporting.
  4. Sanitization: Absent; no validation or filtering of design file content or metadata is specified.
- [Data Exposure & Exfiltration] (SAFE): Network activity through `WebSearch` and `mcp__jlc__*` tools is strictly limited to the skill's primary purpose of component validation and does not involve access to or transmission of sensitive user credentials or system files.
Audit Metadata