infographic-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): Path Traversal and Arbitrary File Write vulnerability in output resolution.
  - Evidence: In scripts/infographic_cli.py, the resolve_output function accepts an unvalidated string from the --output CLI argument and converts it directly into a Path object. It then calls mkdir(parents=True, exist_ok=True) on this path.
  - Impact: An attacker could provide a path like ../../../../.ssh/authorized_keys or ../../../../etc/passwd to attempt to overwrite sensitive system files during the infographic generation process.
- REMOTE_CODE_EXECUTION (MEDIUM): Dynamic Module Loading via Computed Paths.
  - Evidence: The load_generator function in scripts/infographic_cli.py utilizes importlib.util.spec_from_file_location and spec.loader.exec_module to execute a Python script located at a path relative to the current file's parent directories.
  - Impact: If an attacker can influence the directory structure or place a file at the calculated GENERATOR_PATH, they can achieve arbitrary code execution when the CLI is run.
- PROMPT_INJECTION (MEDIUM): Indirect Prompt Injection Surface (Category 8).
  - Ingestion points: The read_data function in scripts/infographic_cli.py ingests arbitrary JSON data via the --data or --data-file arguments.
  - Boundary markers: None. Data is parsed and passed directly to the generator module without delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system write access (PNG output) and directory creation.
  - Sanitization: Absent. The skill does not validate or sanitize strings within the JSON data (e.g., stat, label, title), which could contain malicious instructions for the downstream rendering engine or the agent itself.
Recommendations
- AI detected serious security threats
Audit Metadata