data-visualization
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `belt` CLI for tasks such as authentication and running applications.
- [REMOTE_CODE_EXECUTION]: It provides templates for executing arbitrary Python code (using `matplotlib` and `numpy`) and HTML content within remote execution environments like `infsh/python-executor` and `infsh/html-to-image` via the `belt app run` command.
- [EXTERNAL_DOWNLOADS]: The skill references installation instructions and additional skill packages hosted on `github.com/inference-sh`.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by encouraging the interpolation of data into executable code templates without providing sanitization or boundary markers.
  - Ingestion points: Chart data, titles, and annotations likely sourced from user input.
  - Boundary markers: Absent in the provided code templates.
  - Capability inventory: Execution of shell commands and remote code via the `belt` CLI.
  - Sanitization: None provided in the instructions or code examples.
Audit Metadata