research-visualizer
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a specific Python command-line utility via Bash to base64-encode image files. This execution is limited to a predefined template used solely for inlining graphical assets into the HTML report.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes and summarizes external research artifacts which may contain malicious instructions designed to influence the agent's summary narrative.
- Ingestion points: Files including 'exploration_tree.yaml', 'PAPER.md', and various markdown files in the 'logic/' and 'evidence/' directories are ingested and processed.
- Boundary markers: The skill uses specific JSON markers ('/* ARA_DATA_BEGIN /' and '/ ARA_DATA_END */') and character escaping to separate data from the rendering template.
- Capability inventory: Across its scripts, the skill has access to file writing ('Write', 'Edit'), globbing, and restricted shell execution ('Bash') for image processing.
- Sanitization: The skill includes an explicit 'Injection contract' requiring the agent to escape '<' characters as '<' in all processed text to prevent cross-site scripting (XSS) in the generated HTML viewer.
Audit Metadata