autoviz
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation suggests installing several common Python data science libraries via pip (
autoviz,matplotlib,seaborn,plotly,bokeh,pandas). While these are external dependencies, they are well-established community packages. - [Indirect Prompt Injection] (LOW): The skill acts as a data processing interface, which is a common surface for indirect injection.
- Ingestion points: Processes external CSV files and DataFrames via the
filenameanddfteparameters. - Boundary markers: None explicitly defined in the README context.
- Capability inventory: Read access to local datasets and write access to the filesystem for saving generated plots and HTML reports.
- Sanitization: Relies on the security and parsing logic of the underlying
pandasandautovizlibraries. - [SAFE] (SAFE): A comprehensive review found no evidence of prompt injection, credential exposure, obfuscation, or persistence mechanisms. The skill's behavior matches its stated purpose of data visualization.
Audit Metadata