chartjs-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (SAFE): The templates include the Chart.js library via a public CDN. This is standard for web-based visualizations.
    • Evidence: https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js in all HTML files.
  • INDIRECT PROMPT INJECTION (LOW): A vulnerability surface for indirect injection (specifically DOM-based XSS) exists in the bubble chart template.
    • Ingestion points: Untrusted data labels provided via the data array in assets/template-bubble.html.
    • Boundary markers: None. Data is interpolated directly into strings.
    • Capability inventory: The script manipulates the DOM to create list items and populate quadrant analysis.
    • Sanitization: Absent. The populateQuadrants function uses li.innerHTML = `${item.type}...`; which allows any HTML or script tags within the item.type property to be executed in the context of the page.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:21 PM