data-algo-viz
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches rendering dependencies from the npm registry and utilizes the Playwright package from Microsoft to capture screenshots of generated reports.
- [COMMAND_EXECUTION]: Local shell commands are executed to install dependencies, run the bundled Node.js rendering script, and utilize the Playwright CLI for image generation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of ingesting workspace-provided algorithm profiles and benchmark data for visualization.
- Ingestion points: Data is read from
.algo-profile/**/*.mdandbenchmark.jsonwithin the workspace. - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions for the processed content.
- Capability inventory: The skill has the ability to write HTML files to the workspace and execute shell commands through the Playwright CLI.
- Sanitization: There is no evidence of explicit sanitization or escaping of the ingested content prior to its interpolation into JSON specs or HTML templates.
Audit Metadata