Skills
skills/davaded/echarts-ai-skill/echarts-chart-skill/Gen Agent Trust Hub

echarts-chart-skill

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through a cross-site scripting (XSS) surface in the HTML generation logic. The renderHtml function in src/core/render.ts interpolates user-controlled chart options into a script block using JSON.stringify without escaping the closing script tag context.
  • Ingestion points: Data from the ChartRequest JSON object, including fields like title, subtitle, and dataset values.
  • Boundary markers: Absent; data is directly embedded into the HTML template without delimiters or safety instructions.
  • Capability inventory: The skill can read from and write to the local filesystem, including support for home and Desktop directories through CLI arguments handled in src/cli/args.ts.
  • Sanitization: Absent; the implementation relies solely on standard JSON stringification, which is insufficient for embedding data in HTML script tags.
  • [EXTERNAL_DOWNLOADS]: The generated HTML output references the ECharts library from a trusted and well-known service (https://cdn.jsdelivr.net/npm/echarts@5/dist/echarts.min.js). This is a neutral finding documented for visibility.
  • [COMMAND_EXECUTION]: The skill provides various CLI entry points (dist/cli/*.js) intended for agent execution. These tools allow the agent to manage charting workflows, which includes reading input data and saving generated artifacts to the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 11:48 AM
Security Audit — agent-trust-hub — echarts-chart-skill