data-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted user data to generate executable HTML and JavaScript content, creating a vulnerability surface for Cross-Site Scripting (XSS). 1. Ingestion points: User-provided data in CSV, JSON, or table formats. 2. Boundary markers: No explicit instructions for the agent to use delimiters or warnings for embedded instructions. 3. Capability inventory: Generates HTML/JS files that are executed in a browser environment. 4. Sanitization: No sanitization logic is included in the instructions. Severity is downgraded to SAFE as this capability is essential to the primary function of data visualization.
- [NO_CODE] (SAFE): No executable scripts (.py, .js, .sh) are included in the skill; it consists entirely of instructional markdown.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references Chart.js (v4.4.0), which is a trusted industry-standard library for data visualization.
Audit Metadata