mmt-tradingview-charts
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill explicitly recommends using server-side proxies for all REST and WebSocket communications to avoid exposing API keys to the client-side browser environment. No sensitive file access or unauthorized network calls are present.
- [Remote Code Execution] (SAFE): The skill does not implement any patterns for downloading or executing remote code or scripts.
- [Obfuscation] (SAFE): No encoded strings, homoglyphs, or hidden characters were found in any of the analyzed files.
- [Indirect Prompt Injection] (SAFE): The skill handles numeric and structured market data (OHLCV). While it uses `innerHTML` for custom tooltips, it applies numeric formatting (e.g., `.toFixed(2)`) to the data fields before interpolation, which effectively sanitizes the input and prevents XSS risks from the data source.
- [Privilege Escalation] (SAFE): No commands related to privilege escalation or administrative access were identified.
- [External Downloads] (LOW): The skill references the legitimate and standard `lightweight-charts` package from NPM, which is required for the charting functionality described.