The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references the installation of standard, trusted Python packages such as plotly, pandas, kaleido, and dash. These are well-known libraries from the official Python Package Index (PyPI) and are appropriate for the skill's purpose.\n- Data Exposure & Exfiltration (SAFE): The skill includes instructions for exporting visualizations to local HTML and image files. There is no evidence of accessing sensitive system files, hardcoding credentials, or exfiltrating data to untrusted domains.\n- Indirect Prompt Injection (SAFE): While the library processes external data to generate visualizations, which is an inherent vulnerability surface (Category 8), the skill does not provide any examples or instructions that exploit this surface or attempt to bypass agent safety protocols.\n- Dynamic Execution (SAFE): The provided code snippets use standard Plotly API calls for figure generation and customization. No unsafe dynamic execution patterns, such as evaluating untrusted strings or runtime compilation of malicious source code, were found.

plotly