forcegraph-exporter

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The generated HTML output fetches the force-graph library from the unpkg CDN (https://unpkg.com/force-graph@1.48.0/dist/force-graph.min.js). unpkg is a well-known service for serving NPM packages.
  • [COMMAND_EXECUTION]: The skill runs a Python script (scripts/generate_forcegraph.py) to perform the data conversion and file generation.
  • [PROMPT_INJECTION]: The skill processes untrusted JSON data to generate a visualization, creating a surface for indirect instructions or payload embedding.
      • Ingestion points: Reads mindmap data from outline.json or stdin.
      • Boundary markers: None identified in the processing flow.
      • Capability inventory: Performs file system writes to paths specified by the --output parameter.
      • Sanitization: Uses html.escape() for titles and json.dumps() with script-tag escaping to safely embed data within the HTML template.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:14 AM