math-function-plotter-plotly

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill generates HTML files that reference the Plotly.js library via its official CDN (https://cdn.plot.ly/plotly-2.27.0.min.js). Plotly is a well-known and trusted service for data visualization.
  • [PROMPT_INJECTION]: The skill defines a process where user-provided mathematical expressions are interpolated into a JavaScript function template within the generated script.js file. This represents a surface for indirect prompt injection.
  • Ingestion points: User input for the 'Function expression' field in the prompt gathering step.
  • Boundary markers: None identified in the provided templates to isolate user input from the executable code context.
  • Capability inventory: The skill writes multiple files (HTML, CSS, JS, Markdown, JSON) to the local file system using the agent's file-writing capabilities.
  • Sanitization: While the skill providing a guide for translating math notation to JavaScript, it lacks explicit sanitization instructions for the model to validate the resulting string before interpolation into the code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 05:37 AM
Security Audit — agent-trust-hub — math-function-plotter-plotly