Skills
skills/nexu-io/html-anything/data-report/Gen Agent Trust Hub

data-report

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill loads dependencies from well-known services including cdn.jsdelivr.net, cdn.tailwindcss.com, and fonts.googleapis.com to provide chart rendering and styling capabilities. This is standard practice for creating interactive visualization reports.
  • [PROMPT_INJECTION]: The skill processes user-supplied data to generate visual reports, which presents a surface for indirect prompt injection (Category 8).
  • Ingestion points: Processes CSV, Excel, and JSON data provided in the agent's context as specified in SKILL.md.
  • Boundary markers: No specific delimiters or safety instructions regarding untrusted data are present in the instructions.
  • Capability inventory: The skill generates HTML and JavaScript for the user's browser; it does not utilize subprocesses, system commands, or network operations from the agent's host environment.
  • Sanitization: No explicit sanitization or validation steps are included in the generation instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 11:43 AM
Security Audit — agent-trust-hub — data-report