Skills
skills/kaggle/kaggle-environments/create-visualizer/Gen Agent Trust Hub

create-visualizer

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes the $ARGUMENTS variable to include user-supplied text directly in its operational instructions.
  • Ingestion points: The $ARGUMENTS variable in SKILL.md is replaced with the user-provided environment name at runtime.
  • Boundary markers: The instructions lack delimiters or specific isolation markers to separate the untrusted input from the rest of the prompt logic.
  • Capability inventory: The skill is designed to manage web development tasks, including generating Vite and TypeScript frontend code and handling replay playback.
  • Sanitization: There is no evidence of filtering, escaping, or validation of the input, which could allow a malicious user to supply instructions that override the agent's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 09:18 PM
Security Audit — agent-trust-hub — create-visualizer