charting-vega-lite
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (LOW): The generated ChartExplorer.jsx artifact loads the Vega, Vega-Lite, and Vega-Embed libraries from cdn.jsdelivr.net via script tags. While these are reputable libraries, they are loaded from a non-whitelisted external domain at runtime.
- Data Exposure & Exfiltration (LOW): The skill reads data from /mnt/user-data/uploads/ and makes external network requests to cdn.jsdelivr.net for scripts. Although no sensitive system files are accessed and no data is sent externally, the combination of data access and external requests constitutes a low-level attack surface.
- Indirect Prompt Injection (LOW): The skill processes untrusted user-uploaded data.
  - Ingestion points: CSV, JSON, and Excel files read from /mnt/user-data/uploads/.
  - Boundary markers: None explicitly used during initial data ingestion, though the workflow incorporates programmatic analysis.
  - Capability inventory: Includes file writing (JSX artifacts) and command execution (Python scripts).
  - Sanitization: The skill uses json.dumps() to serialize the data before embedding it into the JavaScript artifact, which prevents simple script injection into the generated code.
- Dynamic Execution (LOW): The skill creates a React component (ChartExplorer.jsx) by performing string substitution on a template, incorporating user-provided data and generated chart specifications. This dynamic code generation is the skill's primary purpose and follows common patterns for such tools.
- Command Execution (SAFE): The skill executes a local Python script (analyze_data.py) to extract metadata from the data files. This is a standard and expected use of the agent environment.
Audit Metadata