baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
bashtool to check for the existence of anEXTEND.mdpreference file in the project directory or the user's home folder. This is a standard and safe method for loading user-defined configurations. - [PROMPT_INJECTION]: While the skill ingests untrusted user data, it employs a rigorous transformation process into a structured markdown format before prompt generation. This instructional design approach acts as a buffer against indirect prompt injection.
- [SAFE]: All layout and style definitions are stored locally within the
references/directory. The skill does not perform arbitrary remote downloads or execute unverified external scripts. - [SAFE]: There are no hardcoded credentials, API keys, or sensitive file path accesses detected in the skill's logic or metadata.
Audit Metadata