visual-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several system commands to extract data from the codebase, such as 'git diff', 'git log', 'grep', and 'wc'. It also executes 'surf-cli', a vendor-provided tool, for image generation, and uses 'open' or 'xdg-open' to display results in a browser.
- [EXTERNAL_DOWNLOADS]: The skill's output files include references to external libraries such as Mermaid.js, Chart.js, and Anime.js hosted on the jsDelivr CDN, as well as Google Fonts. It also encourages the installation of the 'surf-cli' and 'pi-prompt-template-model' tools from the author's public repositories.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection as it is designed to ingest and interpret untrusted documents like implementation plans and git diffs. A malicious actor could embed hidden instructions within these files to manipulate the agent's logic or data extraction. Mandatory evidence: 1) Ingestion points: 'prompts/plan-review.md', 'prompts/diff-review.md', 'prompts/fact-check.md'; 2) Boundary markers: Absent; 3) Capability inventory: Shell command execution (git, surf), file reading/writing; 4) Sanitization: Absent.
- [PROMPT_INJECTION]: The 'SKILL.md' file includes instructions that override standard agent behavior by requiring automatic HTML rendering for tables and prohibiting fallback to terminal-based ASCII art without user confirmation.
Audit Metadata