chart_maker
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user data to generate chart titles and labels, creating an indirect prompt injection surface. While the impact is limited to the content of the generated image and the agent's interpretation of the success message, the skill lacks boundary markers and sanitization for external content.
  - Ingestion points: User data provided via the `chart_maker` instructions in `SKILL.md`.
  - Boundary markers: Absent; user input is converted to JSON without explicit isolation from the agent's instructions.
  - Capability inventory: File-write capability via `plt.savefig` in `scripts/plot_data.py`.
  - Sanitization: Absent; the script parses JSON structure but does not filter or sanitize the string content of labels or titles.
- [Unverifiable Dependencies] (LOW): The script `scripts/plot_data.py` imports `matplotlib`, but the skill does not include a `requirements.txt` or similar manifest to pin the version or verify the source of this dependency.