Skills
skills/nateherkai/a-bunch-of-skills/visualizations/Gen Agent Trust Hub

visualizations

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local utility script scripts/visualizations/generate-visual.js to process image generation prompts.
  • [EXTERNAL_DOWNLOADS]: Connects to the kie.ai API for model inference as part of the diagram generation process. This is a well-known service used for the skill's primary purpose.
  • [PROMPT_INJECTION]: Ingests untrusted data via $ARGUMENTS to define diagram content. This content is interpolated into a structured prompt that is subsequently passed as an argument to a shell command.
  • Ingestion points: User-provided concepts processed in SKILL.md.
  • Boundary markers: The resulting prompt text is wrapped in double quotes when passed to the shell command in Step 6.
  • Capability inventory: Shell execution of the Node.js script.
  • Sanitization: No explicit shell-escaping or input validation logic is defined in the skill instructions, relying on the agent's construction of the prompt string.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:33 PM