xiyou-insight
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The dashboard generation script references the ECharts library from the well-known JSDelivr CDN (cdn.jsdelivr.net) to provide data visualization within the produced HTML reports. This is a standard practice for rendering charts in static files.
- [COMMAND_EXECUTION]: The Python scripts perform routine file system operations, such as creating directories and writing analysis results to the local filesystem. No evidence of arbitrary shell command execution or subprocess spawning for malicious purposes was found.
- [DATA_EXFILTRATION]: No unauthorized network operations or exfiltration patterns were detected. The skill's architecture relies on the platform's Model Context Protocol (MCP) for data retrieval, and the local scripts focus exclusively on data processing and report generation.
- [PROMPT_INJECTION]: The skill instructions and scenario definitions do not contain any patterns attempting to override agent behavior, extract system prompts, or bypass safety constraints.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, secrets, or sensitive configuration files are present. The skill correctly uses placeholders and instructions for parameter-driven data fetching through the MCP interface.
Audit Metadata