chartjs-configuration

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill loads the Chart.js library from a well-known CDN service.
      • Evidence: Script tags in examples/custom-tooltip.html, examples/interactive-legend.html, and examples/responsive-chart.html reference https://cdn.jsdelivr.net/npm/chart.js@4.5.1.
  • [PROMPT_INJECTION]: The provided example code for custom tooltips and legends is vulnerable to Indirect Prompt Injection (specifically Cross-Site Scripting) because it utilizes .innerHTML to render chart data.
      • Ingestion points: Data labels and dataset properties entering the context via chart.data in examples/custom-tooltip.html and examples/interactive-legend.html.
      • Boundary markers: Absent; there are no delimiters or explicit instructions to ignore embedded instructions in the example data rendering logic.
      • Capability inventory: The examples in examples/custom-tooltip.html and examples/interactive-legend.html perform DOM manipulation to create custom UI elements.
      • Sanitization: Absent; no escaping or sanitization is performed on external content before it is interpolated into the DOM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 03:34 PM