visual-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves rendering engines and style assets from well-known, established providers. This includes library code from JSDelivr (Mermaid.js, Chart.js, Prism.js, and anime.js) and typefaces from Google Fonts. These downloads are required for the skill's primary function of generating high-quality standalone HTML documents.\n- [COMMAND_EXECUTION]: The skill uses development-oriented shell commands such as
git diff,git show,ls,grep, andwcto gather the necessary metadata and file content from the local codebase. It also invokes system commands likeopenorxdg-opento display the resulting visualizations in the user's browser.\n- [COMMAND_EXECUTION]: The 'publish' mode utilizes a local shell script (publish.sh) located in a companion skill's directory. This is used to deploy the generated visualization to an external endpoint as intended by the author's workflow.\n- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill processes untrusted codebase content and possesses significant system capabilities.\n - Ingestion points: The skill reads file content and git history (
diff-review.md,fact-check.md) from the user's project into the agent context.\n - Boundary markers: Absent; the instructions do not explicitly provide delimiters or directives to the agent to disregard instructions that may be embedded within the source files it analyzes.\n
- Capability inventory: The skill possesses command execution, file modification (in the
fact-checkprompt), and local network connectivity via a WebSocket bridge.\n - Sanitization: The instructions do not define any specific sanitization or filtering logic for the ingested content.
Audit Metadata