chart-visualization

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the GPT-Vis library from unpkg.com, a well-known and trusted registry mirror. This package is maintained by the vendor antvis.
  • [REMOTE_CODE_EXECUTION]: The skill's primary function is to generate executable HTML and JavaScript code blocks for rendering data visualizations in a web context.
  • [COMMAND_EXECUTION]: Documentation provides standard npm install instructions for setting up the required visualization libraries, which is typical for developer-focused tools.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes potentially untrusted user data to generate chart outputs.
    • Ingestion points: Data for charts is ingested via user prompts as described in SKILL.md and the T8 syntax for summaries in references/summary.md.
    • Boundary markers: Absent. No specific delimiters or instructions are used to separate user-provided data from the agent's instructions.
    • Capability inventory: The skill generates and outputs executable JavaScript and HTML code based on input data.
    • Sanitization: The instructions do not specify sanitization or escaping of input data before its inclusion in the generated visualization code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:54 AM