math-function-plotter-plotly
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates HTML files that reference the Plotly.js library via its official CDN (https://cdn.plot.ly/plotly-2.27.0.min.js). Plotly is a well-known and trusted service for data visualization.
- [PROMPT_INJECTION]: The skill defines a process where user-provided mathematical expressions are interpolated into a JavaScript function template within the generated
script.jsfile. This represents a surface for indirect prompt injection. - Ingestion points: User input for the 'Function expression' field in the prompt gathering step.
- Boundary markers: None identified in the provided templates to isolate user input from the executable code context.
- Capability inventory: The skill writes multiple files (HTML, CSS, JS, Markdown, JSON) to the local file system using the agent's file-writing capabilities.
- Sanitization: While the skill providing a guide for translating math notation to JavaScript, it lacks explicit sanitization instructions for the model to validate the resulting string before interpolation into the code.
Audit Metadata