plotext-financial-chart
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'plotext' Python library from the official PyPI registry, which is a well-known and trusted service for package distribution.
- [COMMAND_EXECUTION]: The skill uses Bash and Python to execute commands for checking environment dependencies and rendering charts through string-based script execution.
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface where untrusted data is processed into executable context.
  - Ingestion points: User-provided numeric data points are interpolated into Python scripts within the SKILL.md and api-and-patterns.md files.
  - Boundary markers: Absent; numeric data is inserted directly into Python list variables without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill uses Bash to execute generated Python code and has access to local Read, Bash, Write, and Edit tools.
  - Sanitization: Absent; no input validation or sanitization is performed on user-supplied data points before interpolation into the script logic.
Audit Metadata