autoviz
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to install the autoviz library and related visualization packages (matplotlib, seaborn, plotly, bokeh) from PyPI. These are external dependencies not maintained by a trusted organization.
- PROMPT_INJECTION (LOW): The skill's primary function is to process external data files (e.g., data.csv), which creates a surface for indirect prompt injection attacks.
- Evidence Chain:
- Ingestion points: Data is loaded via pandas.read_csv and the AutoViz class.
- Boundary markers: No markers or warnings are used to delimit untrusted data.
- Capability inventory: The skill reads local files and generates visualization reports.
- Sanitization: The provided examples do not include data validation or sanitization logic.
Audit Metadata