skills/pluginagentmarketplace/custom-plugin-ai-data-scientist/data-visualization/Gen Agent Trust Hub
data-visualization
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains only instructional and helper content related to data science. No attempts to override system prompts or bypass safety filters were found.
- Data Exposure & Exfiltration (SAFE): File operations are restricted to saving visualization outputs (plt.savefig) locally. No network requests or access to sensitive system paths (e.g., SSH keys, credentials) are present.
- Obfuscation (SAFE): All scripts and documentation are written in clear, human-readable text. No encoded or hidden payloads were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on well-known, industry-standard Python libraries. It does not download or execute remote scripts at runtime.
- Indirect Prompt Injection (LOW): The skill processes dataframes which are potentially untrusted external data. While it lacks explicit sanitization for strings within data fields, the skill's lack of high-privilege capabilities (network access, shell execution) significantly limits the impact of this vector.
- Dynamic Execution (SAFE): No use of eval(), exec(), or unsafe deserialization (e.g., pickle) was found.
Audit Metadata