Gen Agent Trust Hub audit: chart (skills/pvergaraf/chart-skill/chart)

Verdict: Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to generate a curl command by interpolating a JSON configuration (CHART_CONFIG_JSON) directly into a shell string. This configuration is built from user-supplied data or file content. If that data contains shell metacharacters such as single quotes or backticks, it could lead to arbitrary command execution on the host system.
  • [DATA_EXFILTRATION]: The skill includes functionality to read data from arbitrary file paths provided by the user (e.g., /chart line chart from /path/to/data.csv) and subsequently sends that data to an external API (https://quickchart.io/chart). This pattern can be exploited to read sensitive files (such as SSH keys or environment variables) and exfiltrate their contents under the guise of generating a chart.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with QuickChart.io, a well-known service, to generate and download chart images via POST requests.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external files and interpolates it into prompts and shell commands without sanitization.
    • Ingestion points: SKILL.md (via the 'From file' feature and user input parsing)
    • Boundary markers: Absent; there are no instructions to delimit the external file content or treat it as untrusted.
    • Capability inventory: Bash(curl), Read, and Write tools.
    • Sanitization: Absent; no escaping or validation is performed on the data before it is inserted into the curl command template.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 8, 2026, 11:46 AM