Skills
NYC
skills/axiomhq/skills/building-dashboards/Gen Agent Trust Hub

building-dashboards

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation instructs users to install dependencies via npx skills add axiomhq/skills. This executes code from the axiomhq organization, which is not on the trusted organizations list, representing an unverifiable dependency risk.\n- PROMPT_INJECTION (LOW): The dashboard templates use string interpolation (e.g., {{service}}, {{dataset}}) to construct APL queries without sanitization, creating an indirect prompt injection surface.\n
  • Ingestion points: reference/templates/api-health.json, reference/templates/service-overview-with-filters.json, and reference/templates/service-overview.json.\n
  • Boundary markers: Absent.\n
  • Capability inventory: Dashboard creation and query execution via the Axiom API (implied by script names like dashboard-create).\n
  • Sanitization: Absent. Variables are interpolated directly into APL query strings.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 09:22 PM