data-visualization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's core function involves interpolating untrusted user data into executable or renderable contexts (Python scripts, React components, and HTML/JavaScript artifacts) without sanitization.
  • Ingestion points: User-provided datasets, labels, and titles are directly inserted into code templates in SKILL.md and processed by scripts/chart_utils.py.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to escape or validate user content before code generation.
  • Capability inventory: The agent uses these patterns to generate and execute Python code (via matplotlib) and render interactive web artifacts (via Chart.js and Recharts).
  • Sanitization: No sanitization is implemented. An attacker could provide malicious data (e.g., a chart label containing '); import os; os.system('...) that triggers arbitrary code execution in the Python environment or Cross-Site Scripting (XSS) in the artifact renderer.
  • [External Downloads] (MEDIUM): The HTML implementation pattern in SKILL.md includes a remote script reference to https://cdn.jsdelivr.net/npm/chart.js.
  • Evidence: <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
  • Risk: Loading scripts from external CDNs that are not within the [TRUST-SCOPE-RULE] (like jsdelivr.net) introduces a supply-chain risk where a compromised CDN or package could lead to remote code execution in the user's browser/agent environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:39 AM