@554/chart
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Playwright to automate a headless Chromium browser for rendering and capturing high-fidelity screenshots of generated charts in
scripts/build_chart.py. - [EXTERNAL_DOWNLOADS]: The chart templates load the Apache ECharts library from the JSDelivr CDN, which is a well-known and recognized service for distributing front-end dependencies.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates data and text provided by the agent directly into HTML and JavaScript templates. Ingestion points: Data enters the process through the
title,subtitle, andreplacementsparameters inscripts/build_chart.py. Boundary markers: No explicit markers or warnings are used to delimit untrusted data within the templates. Capability inventory: The skill can write files to the workspace, execute browser operations via Playwright, and run a local HTTP server. Sanitization: There is no evidence of HTML escaping or input validation on the data interpolated into the chart templates, creating an injection surface.
Audit Metadata