financial-charts
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted financial labels and interpolates them into chart artifacts without sanitization. * Ingestion points: 'revenue_sources' and 'labels' in scripts/sankey_chart.py, and 'categories' in scripts/bar_chart.py. * Boundary markers: Absent. * Capability inventory: Local file system writes via Plotly's fig.write_image and fig.write_html. * Sanitization: Absent.
- [Data Exposure & Exfiltration] (LOW): The use of user-controlled 'output_path' parameters in all chart functions enables file system writes. If the agent does not validate these paths, it creates a surface for path traversal or arbitrary file placement.
- [Dynamic Execution] (LOW): Scripts use sys.path modification to resolve local imports. While common in agent skills for module resolution, this involves dynamic path computation.
Audit Metadata