gnuplot
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands, including `gnuplot` for data visualization and `emacsclient --eval` for querying editor face colors. It also involves dynamic generation of scripts at runtime.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: Untrusted data is extracted from the interaction context.
  - Boundary markers: There are no delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill allows file creation in `/tmp`, gnuplot execution, and Lisp evaluation via emacsclient.
  - Sanitization: The skill lacks sanitization for data interpolated into scripts.
Audit Metadata