chart

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where user-supplied content is injected into generated HTML files, potentially leading to Cross-Site Scripting (XSS).
  • Ingestion points: Chart titles, subtitles, and data series provided by the user or external data sources are passed to the building scripts in scripts/build_chart.py.
  • Boundary markers: None detected. The skill does not use delimiters or warnings to prevent the interpretation of embedded instructions within the processed data.
  • Capability inventory: The skill writes these values to the filesystem as HTML files (index.html) which are served via a local web server and can be rendered in the agent's preview window. It also uses Playwright to render these pages for screenshots.
  • Sanitization: There is no evidence of HTML escaping or sanitization of the title, subtitle, or replacements values before they are used in string replacement or f-string interpolation within the build_chart and build_chart_custom functions in scripts/build_chart.py.
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 03:30 AM