hand-drawn-infographic-creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and process untrusted external data from the web using search and crawling tools. This data is used to formulate AI generation prompts and layout designs.
  - Ingestion points: Reference imagery and anatomical data are retrieved via the `WebSearch`, `WebFetch`, and `mcp__firecrawl__*` tools as part of the standard workflow described in `SKILL.md`.
  - Boundary markers: The skill uses structured Markdown and YAML templates (e.g., in `SKILL.md`) to organize its output, which helps separate retrieved content from core instructions.
  - Capability inventory: The skill is granted permissions for `Write` and `Edit` operations and has access to several image generation tools.
  - Sanitization: There is no explicit logic provided in the skill to sanitize or filter the results returned from web searches before they are used to generate visual specifications.
- [EXTERNAL_DOWNLOADS]: The skill references and interacts with several well-known technology services, specifically Stability AI, Ideogram, and Firecrawl. These services are used according to their primary functions (image generation and web scraping) and do not represent suspicious external behavior.
Audit Metadata