infographic-creator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via user-provided data. Ingestion points: User-supplied text is used to populate the infographic data fields (labels, descriptions) within a generated DSL. Boundary markers: Absent. The skill does not define specific escaping or delimiting strategies for user input when embedding it into the final HTML template's script block. Capability inventory: The skill uses a file-writing tool to generate and save an HTML file to the local system. Sanitization: Absent. There are no instructions for sanitizing user input to prevent it from breaking the JavaScript syntax or injecting scripts into the generated HTML file.
- [EXTERNAL_DOWNLOADS]: Fetches resources from a well-known CDN. Reference: The skill loads the infographic library from 'https://unpkg.com/@antv/infographic@latest/dist/infographic.min.js'. Analysis: This is a legitimate dependency from the skill's author, AntV, and is hosted on a standard and well-known package delivery service.
Audit Metadata