mckinsey-style-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The installation documentation (README.md, INSTALLATION.md) directs users to download a SKILL.md file and clone repository content from an untrusted personal GitHub account (kgraph57). While the content consists of instructions rather than executable binaries, the source is not verified.
- NO_CODE (SAFE): No Python scripts, JavaScript files, or shell scripts were found in the provided files. The skill functions through prompt engineering rather than code execution.
- INDIRECT PROMPT INJECTION (LOW): The skill design creates an attack surface for indirect prompt injection. 1. Ingestion points: Untrusted data supplied for chart generation (e.g., market statistics or descriptions). 2. Boundary markers: Absent in the provided templates. 3. Capability inventory: No code-based capabilities, but influences agent output. 4. Sanitization: No evidence of data sanitization or instruction filtering.
Audit Metadata