infographic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill contains no scripts, binaries, or package manager files (e.g., requirements.txt, package.json). It operates entirely as a formatting instruction for the AI agent.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths (like ~/.ssh or .env) or network-exfiltration commands are present. The skill only defines a syntax for presenting visual data to the user.
- [Indirect Prompt Injection] (SAFE): While the skill defines how to process user-provided strings (labels, descriptions) into a visual template, it does not possess any risky capabilities (such as shell execution or file system writes) that could be exploited through malicious data inputs.
- [Metadata Poisoning] (SAFE): The skill metadata (name, description, auth) accurately describes its purpose. While the author field contains promotional language for a browser extension, it does not attempt to override agent instructions or hide malicious behavior.
Audit Metadata