analytics-dashboard
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses the 'CRITICAL' marker to instruct the agent to override its default interaction flow and immediately begin the analytics workflow upon loading.
- [INDIRECT_PROMPT_INJECTION]: The skill parses data from an external, potentially attacker-controlled Excel file without safety boundaries.
- Ingestion points: Processes multiple sheets from a user-uploaded LinkedIn Analytics .xlsx file in Step 2.
- Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the spreadsheet data.
- Capability inventory: Generates React code (artifacts) and written strategic recommendations based on the data.
- Sanitization: Absent; the skill performs header cleaning for formatting but does not sanitize cell content for malicious instructions.
- [DYNAMIC_EXECUTION]: The skill dynamically generates a React artifact using the Recharts library, incorporating data extracted from the external file into the rendered code.
Audit Metadata