Skills
skills/within-7/minto-plugin-tools/echarts-chart/Gen Agent Trust Hub

echarts-chart

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill generates HTML templates that fetch the ECharts library from a well-known public CDN.
  • Evidence: References to https://cdn.jsdelivr.net/npm/echarts@5.4.3/dist/echarts.min.js in references/chart-templates.md and references/config-guide.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it incorporates untrusted user data into generated code.
  • Ingestion points: User data provided through the /generate-chart command or natural language descriptions as described in SKILL.md.
  • Boundary markers: The skill documentation does not define specific delimiters or "ignore instructions" prompts to isolate user data from the generation logic.
  • Capability inventory: The skill generates executable HTML and JavaScript code intended for browser execution.
  • Sanitization: There are no specified sanitization or validation steps for the input data before it is rendered into the ECharts option configuration.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 03:54 PM