data-viz-plots
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted data for visualization purposes. \n
- Ingestion points: External datasets provided for plotting. \n
- Boundary markers: Unknown/Absent due to missing implementation code. \n
- Capability inventory: Execution of Python-based plotting code. \n
- Sanitization: Unknown/Absent. \n- [Dynamic Execution] (HIGH): The skill generates and executes Python code using matplotlib and seaborn. Without isolation or validation, this represents a risk for arbitrary command execution. \n- [Metadata Poisoning] (HIGH): The skill metadata describes powerful functionality without providing the core logic in SKILL.md, making it impossible to verify claims of safety or intended behavior.
Recommendations
- AI detected serious security threats
Audit Metadata