pm-analytics

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references Chart.js and D3.js from Cloudflare's well-known CDN (cdnjs.cloudflare.com) to provide data visualization in the generated HTML reports. These are established services used for their intended purpose.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from CSV, Excel, or SQL results to generate reports.
  • Ingestion points: User-uploaded files and SQL query results processed as described in SKILL.md.
  • Boundary markers: Absent; the skill does not explicitly instruct the agent to use delimiters when processing this data.
  • Capability inventory: The skill generates HTML reports using assets/report-template.html which includes JavaScript execution for charts.
  • Sanitization: Absent; there are no specific instructions to escape or sanitize the data before it is interpolated into the HTML template. However, given this is the skill's primary purpose, the risk is considered low.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 04:36 PM
Security Audit — agent-trust-hub — pm-analytics