quickchart
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Node.js script (
scripts/build-chart.js) intended to be executed by the agent to process chart configurations, generate URLs, or download image files.- [EXTERNAL_DOWNLOADS]: The helper script communicates with the QuickChart API athttps://quickchart.ioto render images and create short URLs for chart embedding. This is the primary intended functionality of the skill.- [DATA_EXFILTRATION]: The script transmits chart configuration data (which may be read from local files or stdin) to the external QuickChart service. The skill's documentation proactively warns users against including sensitive or private information in these configurations, as free-tier URLs are public.
Audit Metadata