chart-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructions direct the agent to execute a shell command
node ./scripts/generate.js '<payload_json>'. This presents a risk of command injection if the agent fails to properly escape user-provided data when constructing the JSON argument. - [DATA_EXFILTRATION] (LOW): The script
scripts/generate.jstransmits user data to an external API atantv-studio.alipay.com. While this is the intended purpose of the skill, the domain is not included in the pre-approved whitelist for trusted data transmission. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted user data without explicit instructions for the agent to ignore or sanitize nested commands. Evidence: 1. Ingestion: User data is mapped to fields in
generate.js. 2. Boundary markers: None are provided in the skill instructions. 3. Capability: The skill has script execution and network access capabilities. 4. Sanitization: No content-based validation or sanitization is performed on the input data.
Audit Metadata