infographics
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes user-supplied text to generate infographics. Ingestion points: User input provided via the prompt argument in scripts/generate_infographic.py is utilized throughout the generation and research phases. Boundary markers: Absent. User input is interpolated directly into system instructions within scripts/generate_infographic_ai.py without protective delimiters or constraints. Capability inventory: The skill utilizes network access (requests.post), subprocess execution (subprocess.run), and filesystem operations (Path.write_bytes). Sanitization: Absent. No validation or escaping is applied to user strings before they are incorporated into model prompts.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the OpenRouter API (openrouter.ai) and Perplexity (via OpenRouter) to perform research and generate images. These are recognized services essential to the skill's operation.
Audit Metadata