math-visualizer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest user-provided mathematical expressions, which creates an attack surface for indirect prompt injection when these inputs are interpolated into code templates for rendering.\n
- Ingestion points: User-provided equations, formulas, and LaTeX strings triggered by the patterns defined in SKILL.md.\n
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the interpolated mathematical text.\n
- Capability inventory: The rendering process involves file system access (writing Python scripts and video files) and subprocess execution (LaTeX and FFmpeg) via the Manim library.\n
- Sanitization: No sanitization or validation of user-provided mathematical strings is implemented in the provided templates.\n- [SAFE]: The skill utilizes well-known and trusted mathematical visualization libraries, specifically the Manim Community Edition and the Manim OpenGL renderer.\n- [SAFE]: No evidence of hardcoded credentials, persistence mechanisms, or malicious data exfiltration was found in the provided files.
Audit Metadata