csv-data-visualizer
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation recommends installing well-known and trusted Python packages:
pandas,plotly,numpy, andkaleido. These are industry-standard libraries for data science and visualization. - [DATA_EXFILTRATION] (SAFE): The provided scripts (
visualize_csv.py,create_dashboard.py) process data entirely locally. There are no calls torequests,curl,urllib, or any other networking modules that could transmit data externally. - [COMMAND_EXECUTION] (SAFE): The skill operates by executing Python scripts with defined arguments. The code uses
argparsefor input handling and does not utilize unsafe functions likeos.system(),eval(), orexec()on user-controlled inputs. - [PROMPT_INJECTION] (SAFE): The
SKILL.mdfile contains standard instructions for the agent on when and how to use the visualization tools. It does not contain any directives to bypass safety filters or ignore previous instructions. - [DATA_EXPOSURE] (SAFE): While the skill reads and writes files, it does so based on explicit user requests for data visualization. No sensitive system paths (like
~/.sshor/etc/) are accessed; operations are restricted to the provided CSV files and specified output paths. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external CSV data which is an ingestion point for untrusted content. However, the output is primarily graphical (Plotly HTML/Images) intended for human review, posing a minimal risk to the agent's logic flow.
Audit Metadata