infographic-creator
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates an HTML file that fetches the @antv/infographic library from unpkg.com, which is a well-known CDN. This is a vendor-related resource required for the skill's operation.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted user data into a generated HTML file without sanitization. 1. Ingestion points: User-provided text for infographic content in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: The skill uses a Write tool to create HTML files on the local system. 4. Sanitization: No evidence of input escaping or validation before file generation is present.
Audit Metadata