data-visualization-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill uses descriptive instructional language to define its role. No override markers, role-play jailbreaks, or instructions to ignore safety protocols were found.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, access to sensitive local file paths (e.g., .ssh, .aws), or network-based exfiltration patterns were detected.
- [EXTERNAL_DOWNLOADS] (SAFE): While the skill mentions multiple JavaScript and Python libraries (D3.js, Matplotlib, etc.), it does not contain commands to download or execute packages at runtime.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no instances of curl/wget piped to interpreters or dynamic code execution (eval/exec) within the provided file.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill possesses a data ingestion surface (processing data for charts) but lacks autonomous capabilities like file-writing or network POSTing that would enable a data-driven attack. Evidence:
  1. Ingestion points: User-provided data for visualization.
  2. Boundary markers: Absent.
  3. Capability inventory: Generates visualization code and UI layout.
  4. Sanitization: Not specified in instructions.
Audit Metadata