timeline-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The template-index.md file specifies that the visualization depends on vis-timeline.js and vis-timeline.css loaded from a CDN. While this is a standard development practice, it creates a dependency on third-party remote resources.
  • PROMPT_INJECTION (LOW): An indirect prompt injection surface exists because user-provided content is directly interpolated into HTML and JSON templates.
      1. Ingestion points: Event headlines, descriptions, and category names are used to fill placeholders in template-main.html and template-timeline.json.
      2. Boundary markers: The templates lack delimiters or instruction-level isolation for user data.
      3. Capability inventory: The skill uses the agent's ability to write files to the local filesystem (docs/sims/).
      4. Sanitization: There is no evidence of sanitization or escaping of the user-provided data before it is written to the output files.
  • COMMAND_EXECUTION (SAFE): The templates do not contain any instructions for executing shell commands or spawning system processes.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM