chart-visualization

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions require the agent to execute a shell command: node ./scripts/generate.js '<payload_json>'. This pattern is susceptible to command injection if the agent does not properly escape the JSON payload constructed from user input.
  • [DATA_EXFILTRATION]: The scripts/generate.js file sends chart specifications and user data to an external endpoint (https://antv-studio.alipay.com/api/gpt-vis). While this is a well-known service for data visualization, it facilitates the movement of potentially sensitive information to an external third party.
  • [PROMPT_INJECTION]: The skill ingests untrusted data into chart parameters without utilizing boundary markers or providing instructions to ignore embedded commands. This creates an attack surface for indirect prompt injection, especially given the skill's capability to perform network and shell operations.
  • [DATA_EXPOSURE]: The script scripts/generate.js uses fs.readFileSync to read from the local filesystem if the input argument matches an existing file path. An attacker could exploit this by tricking the agent into passing a sensitive file path (e.g., configuration or credential files) as an argument to be read and potentially sent to the remote server.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 08:23 AM