graphic-chart

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the playwright library and a Chromium browser binary during setup. These are sourced from well-known and trusted official repositories (NPM and Playwright's distribution servers).
  • [COMMAND_EXECUTION]: The skill utilizes a bash script (scripts/export-chart.sh) to install dependencies and execute the screenshot process, which involves standard calls to npm and node.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided data and titles, which are inserted into an HTML template for rendering in a headless browser.
    • Ingestion points: Data and text labels provided by the user (SKILL.md).
    • Boundary markers: Absent.
    • Capability inventory: Subprocess execution for shell scripts and browser automation via Playwright (scripts/export-chart.sh, scripts/screenshot-chart.mjs).
    • Sanitization: User-provided strings are not explicitly sanitized before being interpolated into the generated HTML.
  • [DYNAMIC_EXECUTION]: The skill generates and executes HTML/JavaScript content at runtime to produce its chart visualizations.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 03:09 PM
Security Audit — agent-trust-hub — graphic-chart