SPACE-analytics
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Chart.js and D3.js libraries from Cloudflare's official CDN to provide interactive visualizations in the generated HTML reports.
- [REMOTE_CODE_EXECUTION]: Dynamically generates HTML and JavaScript code to assemble analysis reports based on local templates and runtime data processing.
- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection because it ingests untrusted user data (CSV, Excel, SQL results) and interpolates findings into a report.
  - Ingestion points: CSV/Excel data and SQL results defined in SKILL.md.
  - Boundary markers: Absent; data is directly interpolated into the template.
  - Capability inventory: Local file read for templates and file write for report output.
  - Sanitization: No explicit instructions for escaping or validating external data before interpolation.
Audit Metadata