skills/ndpvt-web/arxiv-claude-skills/pcbschemagen-constraint-guided-schematic-design/Gen Agent Trust Hub
pcbschemagen-constraint-guided-schematic-design
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves generating and executing Python-based SKiDL code to validate design syntax. Specifically, Step 5 instructs the agent to run the generated code locally to catch exceptions and errors.
- [REMOTE_CODE_EXECUTION]: Because the code being executed is generated by an LLM based on user-supplied natural language specifications and datasheet information, there is a possibility for malicious code to be introduced and executed if the model is successfully manipulated.
- [EXTERNAL_DOWNLOADS]: The skill references external resources including the PCBSchemaGen repository on GitHub and suggests the use of external KiCad symbol libraries for component definitions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted input data (circuit requirements and datasheet content) which is then used to influence code generation and subsequent execution. Ingestion points: Circuit specifications and IC datasheet data; Boundary markers: None mentioned in the workflow; Capability inventory: Local execution of generated Python code for validation; Sanitization: No sanitization steps for input data are described.
Audit Metadata