paper-figure
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates Python scripts locally and executes them using a bash loop (`python "$script"`) to create figures. This is the primary intended function of the skill and is performed on the local filesystem using standard plotting libraries.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads from local data files (JSON, CSV) and writes to a specific directory (`figures/`). It sends figure descriptions and captions to an external model (`gpt-5.4` via `mcp__codex__codex`) for quality review, which is a documented and standard part of the research workflow.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data sources like `PAPER_PLAN.md` and experiment logs to generate content. While this creates a surface for indirect injection where data content could influence generated scripts, the provided templates focus on standard data loading (e.g., `json.load`), and the execution is restricted to the local environment for plot generation.
Audit Metadata