mmt-tradingview-charts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (SAFE): The documentation references the
lightweight-chartslibrary. This is a legitimate, industry-standard package for financial visualizations. - [Data Exposure & Exfiltration] (SAFE): The skill explicitly advises against calling external APIs directly from the browser and demonstrates the use of local server-side proxies (
/api/mmt/...). No hardcoded secrets, API keys, or access to sensitive system paths were found. - [Remote Code Execution] (SAFE): Analysis of the provided TypeScript and HTML snippets shows no use of dangerous functions like
eval()orexec(). There are no patterns involving piped shell commands (e.g.,curl | bash). - [Indirect Prompt Injection] (SAFE): While the skill ingests external market data via WebSockets and REST, this data is strictly mapped to numeric charting formats. There is no evidence of the data being interpolated into natural language prompts that could influence the AI agent's logic.
Audit Metadata