plotext-financial-chart
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the plotext library from the Python Package Index (PyPI) during the preflight check if it is not already present. This is a legitimate dependency for the skill's core functionality. Evidence: pip installation commands in SKILL.md.
- [COMMAND_EXECUTION]: The skill utilizes Bash heredocs to execute Python scripts that generate ASCII chart output. Evidence: Bash and Python rendering commands in SKILL.md and references/api-and-patterns.md.
- [PROMPT_INJECTION]: The skill processes user-supplied data (lists of coordinates) for chart generation, creating a surface for indirect prompt injection. 1. Ingestion points: User-provided data arrays in SKILL.md and references/api-and-patterns.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, Write, and Edit tools are available to the skill. 4. Sanitization: No explicit validation or sanitization of the input data is performed before processing.
Audit Metadata