infographic
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `rsvg-convert` and `open` utilities to perform its core functions of image conversion and display. These are standard system commands and are used appropriately for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it processes untrusted user input and embeds it into structured SVG data.
  * Ingestion points: Content is ingested via the `/infographic` command in `SKILL.md`.
  * Boundary markers: There are no explicit delimiters or instructions to treat user-provided text as data only.
  * Capability inventory: The agent has the ability to write files to the file system and execute shell commands.
  * Sanitization: The skill does not demonstrate any escaping or validation of user input before it is used to generate the final SVG output.
Audit Metadata