visual-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of platform-specific commands (`open`, `xdg-open`, or `start`) to automatically display generated HTML files in the user's default web browser upon completion.
- [EXTERNAL_DOWNLOADS]: The provided templates and reference documents include links to well-known and trusted external sources, specifically Google Fonts and the JSDelivr CDN, to load established libraries such as Mermaid.js, Chart.js, and anime.js.
- [PROMPT_INJECTION]: As the skill ingests user-provided data to populate diagrams and tables, it possesses an inherent surface for indirect prompt injection. However, this is considered a low-risk vulnerability surface in this context because the processing is confined to a local HTML file and the skill lacks elevated system permissions.
Audit Metadata