Skills
skills/nguyendinhquocx/code-ai/csv-data-visualizer/Gen Agent Trust Hub

csv-data-visualizer

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): Potential path traversal vulnerability when generating visualization files from malicious CSV headers.
  • Ingestion points: External CSV headers are ingested as column names in scripts/visualize_csv.py and scripts/create_dashboard.py.
  • Boundary markers: Absent; the skill does not implement validation or boundary checks for column names used in file system operations.
  • Capability inventory: The skill scripts utilize Plotly to write interactive HTML and static image files to the local file system.
  • Sanitization: The _save_figure method in scripts/visualize_csv.py and similar logic in scripts/create_dashboard.py construct output paths by concatenating the data directory with the column name (e.g., f"histogram_{column}"). A malicious header containing directory traversal characters (e.g., ../../) could allow writing files to unauthorized locations accessible by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 05:28 AM