chart
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where user-supplied content is injected into generated HTML files, potentially leading to Cross-Site Scripting (XSS).
  - Ingestion points: Chart titles, subtitles, and data series provided by the user or external data sources are passed to the building scripts in `scripts/build_chart.py`.
  - Boundary markers: None detected. The skill does not use delimiters or warnings to prevent the interpretation of embedded instructions within the processed data.
  - Capability inventory: The skill writes these values to the filesystem as HTML files (`index.html`) which are served via a local web server and can be rendered in the agent's preview window. It also uses Playwright to render these pages for screenshots.
  - Sanitization: There is no evidence of HTML escaping or sanitization of the `title`, `subtitle`, or `replacements` values before they are used in string replacement or f-string interpolation within the `build_chart` and `build_chart_custom` functions in `scripts/build_chart.py`.
Audit Metadata