Skills
skills/toolshell/skills/data-visualization/Gen Agent Trust Hub

data-visualization

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing external dependencies using npx skills add inference-sh/skills@agent-tools and lists several other related skills from the same source.
  • [COMMAND_EXECUTION]: The skill requires the Bash tool to execute infsh CLI commands, including infsh login for authentication and infsh app run for task execution.
  • [REMOTE_CODE_EXECUTION]: The provided visualization recipes involve sending Python scripts and HTML snippets to remote applications (infsh/python-executor and infsh/html-to-image) for processing and rendering.
  • [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill encourages generating Python code for visualizations based on data; if an agent interpolates untrusted external data into these code blocks without sanitization, it could lead to unintended code execution within the remote environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 12:09 PM