data-viz
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The file
references/REFERENCE.mdcontains a code template that downloads a font file (SimHei.ttf) fromhttps://github.com/StellarCN/scp_zh. Although the GitHub organization is not on the pre-approved trusted list, the download is limited to a font resource used for its intended purpose of rendering international text. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted external data and has high-privilege code execution capabilities.
- Ingestion points: Reads data from user-provided CSV and JSON files for visualization.
- Boundary markers: Absent; there are no specific instructions or delimiters used to prevent the agent from following instructions embedded within the data labels or values.
- Capability inventory: The skill utilizes a Python virtual environment to execute arbitrary generated scripts via
.venv/bin/python. - Sanitization: Absent; the skill does not explicitly sanitize data strings before they are used in chart titles or labels, which could lead to visual deception or secondary injection if the output is processed by other tools.
- [COMMAND_EXECUTION] (SAFE): The skill uses a
setup.shscript to manage a local Python environment. This is a standard and safe practice for ensuring dependencies are met without escalating system-wide privileges.
Audit Metadata