data-visualization
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructs the agent to use the infsh CLI for session management and to run specific applications for data processing.
- [REMOTE_CODE_EXECUTION]: Dynamically generates and executes Python code and HTML/CSS using the vendor's remote executors (infsh/python-executor and infsh/html-to-image) to produce images and charts.
- [EXTERNAL_DOWNLOADS]: References installation scripts and additional skill packages hosted on the author's official GitHub repository (inference-sh).
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface as the skill processes external data for code generation.
  - Ingestion points: Processes data into Matplotlib code snippets.
  - Boundary markers: None present in the provided templates.
  - Capability inventory: Shell command execution and remote code execution via infsh.
  - Sanitization: Not explicitly implemented in the provided examples, relying on the underlying model's safety constraints.
Audit Metadata