vega
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected. The rules provided are strictly for chart syntax (JSON structure, data types).
- DATA_EXPOSURE & EXFILTRATION (SAFE): No hardcoded credentials, sensitive file paths, or network operations were found. The skill works locally by generating Markdown-compatible Vega blocks.
- OBFUSCATION (SAFE): All content is in clear text. No Base64, zero-width characters, or homoglyphs were identified.
- UNVERIFIABLE DEPENDENCIES & RCE (SAFE): No external package managers (npm, pip) or remote script executions (curl | bash) are present. The skill relies on standard Markdown rendering environments.
- PRIVILEGE ESCALATION (SAFE): No commands involving sudo, chmod, or modification of system services/registries were detected.
- PERSISTENCE MECHANISMS (SAFE): No attempts to modify shell profiles, cron jobs, or startup folders were found.
- METADATA POISONING (SAFE): Metadata fields (name, description, author) contain relevant, non-malicious information about the visualization capabilities.
- INDIRECT PROMPT INJECTION (LOW): The skill processes user-provided numeric data arrays. While this is a data ingestion surface, the output is limited to visual chart generation (Vega/Vega-Lite blocks). These blocks are typically rendered by a client-side viewer and do not possess the capability to execute system commands, write files, or make network requests, resulting in low risk.
- TIME-DELAYED / CONDITIONAL ATTACKS (SAFE): No logic gating behavior based on dates, times, or environment triggers was found.
- DYNAMIC EXECUTION (SAFE): The skill generates static JSON configurations for Vega. It does not involve runtime compilation (gcc), library injection, or unsafe deserialization (pickle).
Audit Metadata