frame-data-chart-nyt
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, persistence mechanisms, or unauthorized access attempts were detected during the analysis of the skill's code and instructions.
- [EXTERNAL_DOWNLOADS]: The skill references assets from well-known services, including typography from Google Fonts and CSS frameworks from the Tailwind CSS CDN, to handle visual rendering.
- [PROMPT_INJECTION]: The skill ingests untrusted user data (CSV, JSON, or text) to generate visualizations, which presents a surface for indirect prompt injection. This finding is considered safe as it is integral to the skill's primary purpose and the output is limited to static HTML/SVG formatting.
- Ingestion points: User-provided data for chart generation as specified in SKILL.md.
- Boundary markers: Absent; instructions do not define specific delimiters for user data.
- Capability inventory: Generates visual code; no access to shell commands, sensitive file systems, or external network write operations across any referenced files.
- Sanitization: Absent; the agent is instructed to map data directly to coordinates and labels.
Audit Metadata