scientific-schematics

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The file scripts/compile_tikz.py executes system commands (pdflatex, convert, and system openers) via subprocess.run.
    • Evidence: The _run_command method wraps these calls using list-based arguments, mitigating common shell injection vulnerabilities.
  • PROMPT_INJECTION (LOW): The skill exhibits an Indirect Prompt Injection surface as it ingests untrusted data that is then used to generate code and documents.
    • Ingestion points: scripts/generate_flowchart.py (via --text and --input) and scripts/compile_tikz.py (via .tex files).
    • Boundary markers: None detected. User input is directly interpolated into TikZ templates.
    • Capability inventory: The skill possesses file write capabilities and the ability to execute system binaries (pdflatex, convert).
    • Sanitization: No input sanitization or validation is performed on the strings before they are embedded into the generated LaTeX code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM