Skills
skills/coszone/astro-koharu/infographic-item-creator/Gen Agent Trust Hub

infographic-item-creator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes content from 'references/item-prompt.md' and existing files in 'src/designs/items' to generate code, creating an attack surface where malicious instructions in these files can influence the output.
  • Ingestion points: Local file reads from 'references/item-prompt.md' and directory scanning of 'src/designs/items'.
  • Boundary markers: Absent. There are no instructions to help the agent distinguish between data and instructions in the read files.
  • Capability inventory: The skill allows the agent to generate and update .tsx and .ts files in the repository.
  • Sanitization: No sanitization or validation of the input data is performed before it is used to construct the generated TypeScript code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 08:07 AM