dashboard
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill executes a local Python script at .claude/skills/dashboard/scripts/visualize.py. This is standard behavior for a visualization tool and does not involve untrusted remote sources.
- [Indirect Prompt Injection] (SAFE): The skill ingests data from a local file.
  1. Ingestion points: .claude/DASHBOARD.md.
  2. Boundary markers: Absent in the skill description.
  3. Capability inventory: Local file reading, HTML generation, and browser opening.
  4. Sanitization: Not specified, but the risk is limited to local browser visualization of user-controlled data.
- [Data Exposure] (SAFE): The skill reads from .claude/DASHBOARD.md, which is the intended data source. It does not access sensitive system directories, environment variables, or hardcoded credentials.
Audit Metadata