chart
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating potentially untrusted data into generated files without sanitization.
- Ingestion points: Data enters the system via the title, subtitle, description, and replacements arguments in scripts/build_chart.py, as well as the script_content in save_generate_script.
- Boundary markers: The skill does not use boundary markers or delimiters to isolate user-supplied data from the structure of the generated HTML (index.html), Markdown (README.md), or Python (generate.py) files.
- Capability inventory: The skill has the capability to write files to the local workspace (scripts/build_chart.py, scripts/chart_server.py) and perform browser-based operations (scripts/build_chart.py using Playwright).
- Sanitization: There is no evidence of HTML escaping or input validation for strings injected into templates or generated scripts.
- [EXTERNAL_DOWNLOADS]: The HTML templates fetch the Apache ECharts library from a well-known CDN (jsdelivr.net). This is a standard and expected practice for web-based visualizations.
Audit Metadata