multi-chart-draw
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external command-line tools to render diagrams.
scripts/render_mermaid.pyexecutes themmdc(Mermaid CLI) tool viasubprocess.runusing input files generated from agent content.scripts/render_mindmap.pyexecutes themarkmapCLI tool viasubprocess.runto convert Markdown to SVG/PNG.- [EXTERNAL_DOWNLOADS]: Generated HTML files for ECharts, DrawIO, and GeoGebra reference scripts and resources from external, well-known services.
- ECharts templates use
cdn.jsdelivr.netfor the core library. - GeoGebra templates load the deployment API from
www.geogebra.org. - DrawIO templates embed an iframe pointing to
embed.diagrams.net. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: User-provided text is processed by the agent to generate code for Mermaid, ECharts, Mindmap, DrawIO, or GeoGebra.
- Boundary markers: There are no explicit boundary markers or 'ignore embedded instructions' warnings in the generated configuration files.
- Capability inventory: The skill possesses file-writing capabilities and the ability to execute subprocesses (mmdc, markmap) on the generated content.
- Sanitization: While
scripts/render_echarts.pyandscripts/render_drawio.pyuse JSON serialization to safely escape data for HTML/JavaScript generation, the underlying diagram code (like Mermaid or GeoGebra commands) is passed directly to third-party rendering engines which may have their own parsing vulnerabilities. - [NO_CODE]: Several scripts serve as templates for dynamic HTML generation.
scripts/render_geogebra.pyandscripts/render_drawio.pygenerate web pages that execute logic in the user's browser context based on agent-generated parameters.
Audit Metadata