survey-visuals
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (scripts/run.py) to process workspace data and generate markdown artifacts. This execution is confined to the local environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted research data from paper notes and outlines which could potentially contain malicious instructions. The risk is minimized by the skill's narrow output constraints and citation requirements. Ingestion points: outline/outline.yml, papers/paper_notes.jsonl, outline/mapping.tsv. Boundary markers: None. Capability inventory: Local file read/write operations in the workspace. Sanitization: Basic formatting exists, but no semantic validation of input data is performed.
Audit Metadata