chart-generation
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Category 1: Prompt Injection] (SAFE): No malicious instructions or overrides found in metadata or scripts.
- [Category 2: Data Exposure & Exfiltration] (SAFE): No network operations or sensitive file access detected. Scripts output to specified file paths, which is expected behavior.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies (matplotlib, numpy, pillow) are reputable. Input data is parsed using
json.loads()and no dynamic execution functions likeevalare used. - [Category 8: Indirect Prompt Injection] (SAFE): While the skill ingests external data for labels and values, it lacks dangerous capabilities that would make this surface critical.
- [Category 10: Dynamic Execution] (SAFE): No runtime compilation or dynamic loading of untrusted modules.
Audit Metadata