infographic-structure-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted external data.
  - Ingestion points: The skill reads references/structure-prompt.md and scans existing files in src/designs/structures as part of its workflow.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The skill is authorized to generate or update TypeScript/TSX components within the repository's source directory (src/designs/structures).
  - Sanitization: No sanitization or validation of the ingested file content is performed before it is interpolated into the generation logic.
- Data Exposure & Exfiltration (SAFE): No evidence of hardcoded credentials, access to sensitive system paths (like ~/.ssh or ~/.aws), or network exfiltration patterns was detected. Access to the repository structure is consistent with the primary purpose of the skill.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform external package installations or execute remote scripts via curl/wget. It generates source code but does not appear to execute it at runtime.
Audit Metadata