data-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill provides an HTML template that downloads the chart.js library from a third-party CDN (cdn.jsdelivr.net).
- PROMPT_INJECTION (LOW): The skill represents an Indirect Prompt Injection surface (Category 8).
  1. Ingestion points: User-provided datasets are ingested via prompt instructions.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the patterns.
  3. Capability inventory: The skill has file-system write capabilities through the matplotlib save function in scripts/chart_utils.py.
  4. Sanitization: No sanitization or validation of input data is performed before processing.
- COMMAND_EXECUTION (SAFE): The Python script scripts/chart_utils.py performs standard file system operations like directory creation and image saving, which are consistent with its stated purpose of chart generation.
Audit Metadata