visual-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill loads diagramming engines (Mermaid, Excalidraw) and styling assets (Prism.js, Google Fonts) from trusted CDN providers including JSDelivr, esm.sh, and Google's font servers.
- [EXTERNAL_DOWNLOADS]: It performs an automated version check by fetching metadata from the vendor's official GitHub repository (abpai/skills).
- [COMMAND_EXECUTION]: The skill utilizes standard development tools like git for codebase analysis and system utilities (open/xdg-open) to display generated HTML reports locally.
- [PROMPT_INJECTION]: While the skill analyzes untrusted local files to generate reviews, it includes specific instructions to use the textContent DOM API and avoid innerHTML, effectively mitigating the risk of cross-site scripting (XSS) in the browser.
Audit Metadata