plotnine

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists entirely of documentation and usage examples for the legitimate plotnine visualization library. No executable code or malicious instructions are present within the skill files.
  • [EXTERNAL_DOWNLOADS]: The documentation references standard installation procedures for the plotnine package using pip or conda, which are official and trusted package distribution methods.
  • [INDIRECT_PROMPT_INJECTION]: The skill describes a data processing and visualization workflow, which inherently presents a surface for indirect prompt injection via the data being visualized.
  • Ingestion points: Untrusted data is ingested into the agent context through DataFrames passed to the ggplot() function in analytical scripts (described in SKILL.md and quickstart.md).
  • Boundary markers: The documentation does not specify the use of boundary markers or instructions to ignore embedded commands in input data.
  • Capability inventory: The skill identifies capabilities for file writing (p.save() in quickstart.md) and the execution of Python scripts via Bash as part of a research pipeline.
  • Sanitization: No data sanitization or validation methods are described for the input DataFrames.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 10:10 AM
Security Audit — agent-trust-hub — plotnine