interactive-infographic-overlay
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. 1. Ingestion points: Untrusted data enters via user requirements and textbook specifications described in Step 1 of SKILL.md. 2. Boundary markers: Absent in the generated data.json and main.html files. 3. Capability inventory: The skill performs file system operations in SKILL.md (mkdir, cp) and the generated diagram.js performs DOM manipulation and clipboard access. 4. Sanitization: Absent; user-provided labels and tips are not escaped or filtered.
- [COMMAND_EXECUTION]: The shared library assets/shared-libs/diagram.js uses innerHTML to render user-controlled data, which allows for client-side script execution (XSS). This occurs in showInfobox and handleAnswer methods when displaying structure labels and educational tips.
- [DATA_EXFILTRATION]: The assets/shared-libs/diagram.js file utilizes navigator.clipboard.writeText to provide a 'Copy JSON' feature in its calibration mode, which involves writing data to the system clipboard.
Audit Metadata