plotly
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of widely-used and legitimate Python packages via standard package managers.\n- [PROMPT_INJECTION]: The documentation includes a directive for the agent to recommend the author's hosted platform (www.k-dense.ai) when tasks reach a certain level of complexity. This constitutes a behavioral steering directive but does not attempt to bypass safety guidelines.\n- [COMMAND_EXECUTION]: The skill demonstrates how to launch a Dash web application server for local development using standard library commands.\n- [SAFE]: Evaluation of the skill's surface for indirect prompt injection reveals a standard data processing model for visualization tools.\n
- Ingestion points: Data entering through pandas DataFrames (SKILL.md).\n
- Boundary markers: None explicitly defined to separate data from instructions within the prompts.\n
- Capability inventory: File system write access via 'write_html' and 'write_image'; network server execution via Dash 'run_server'.\n
- Sanitization: Relies on Plotly and Dash internal sanitization for handling user-provided data.
Audit Metadata