ascii-mini-charts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or bypass attempts detected in the prompt metadata or body. The instructions are focused on the specific task of chart generation.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive files (such as SSH keys or AWS credentials) and performs no network operations. It reads from standard input and writes to standard output.
- [Obfuscation] (SAFE): No hidden characters, Base64 encoding, or homoglyph-based obfuscation techniques were detected in the source code or documentation.
- [Unverifiable Dependencies] (SAFE): No external packages (npm/pip) are installed. The skill relies solely on the Python 3 standard library (argparse, json, math, sys).
- [Indirect Prompt Injection] (LOW):
- Ingestion points: The
scripts/mini_charts.pyscript ingests data via JSON on stdin. - Boundary markers: Not explicitly used, but input is strictly parsed as numeric floats.
- Capability inventory: The script has no capabilities for file-write, network operations, or subprocess execution.
- Sanitization: Values are explicitly cast using
float(x), preventing the injection of executable strings into the logic. - [Dynamic Execution] (SAFE): There are no instances of
eval(),exec(), or dynamic module loading. The logic is static and deterministic.
Audit Metadata