chart-type-recommender
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill presents a significant vulnerability surface for indirect prompt injection attacks because it is designed to ingest and act upon data analytics content.
- Ingestion points: The skill processes untrusted user data including SQL queries and data visualization requests (identified in SKILL.md).
- Boundary markers: There are no boundary markers or instructions to isolate untrusted data from instructions, allowing embedded malicious text to influence agent behavior.
- Capability inventory: The skill allows the use of 'Bash', 'Write', and 'Edit' tools (identified in SKILL.md metadata). If an attacker provides a malicious SQL comment or data description, the agent may be manipulated into executing arbitrary shell commands or modifying the filesystem.
- Sanitization: No input sanitization or validation logic is defined to mitigate malicious payload processing.
- [Command Execution] (HIGH): The skill explicitly permits the 'Bash' tool. While common for data analysis, providing shell access in an environment that handles untrusted external data (Category 8) creates a direct path for remote code execution or system compromise.
Recommendations
- AI detected serious security threats