figure-generation

[Skill Scanner] Backtick command substitution detected All findings: [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] Select Report 2 as the best baseline. It describes a robust, repeatable figure-generation pipeline with appropriate outputs and publication-ready formatting. The primary security considerations involve the safe handling of generated code execution from user prompts; maintain strict sandboxing or strict template boundaries to avoid code injection. In practice, enforce generated code review, limit file system exposure, and validate inputs. Overall, the approach is benign and suitable for automated figure generation in research workflows. LLM verification: The skill's documented behavior aligns with its stated purpose (automated figure generation). I found no explicit malicious code in the provided fragment, but the design includes high-risk operations: generating and executing arbitrary Python code and an underspecified VLM feedback step that may send images externally. In sensitive environments this workflow could lead to data exposure or host compromise if execution is not sandboxed and network access is unrestricted. Before using in production