data-viz
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides code examples in
references/excel-charts.mdthat utilizesubprocess.runto execute a local helper script namedrecalc.py. This script is intended to facilitate the recalculation of Excel formulas after data modification, which is a standard procedure for theopenpyxllibrary when results are not cached. - [PROMPT_INJECTION]: The skill is designed to ingest and visualize external datasets, which creates a potential surface for indirect prompt injection (Category 8). Since it processes untrusted data (CSV, Excel, etc.) into visual artifacts, developers should ensure that the agent context is protected by boundary markers when interpreting the resulting data summaries.
- [EXTERNAL_DOWNLOADS]: The skill correctly identifies and utilizes external dependencies from well-known and reputable services. It fetches the D3.js library from the jsDelivr CDN and geographic GeoJSON data from the official Plotly GitHub repository. These sources are considered trusted and appropriate for the skill's domain.
Audit Metadata