baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes Bash commands (
test -f) in its workflow to locate a configuration file (EXTEND.md) within the user's home directory ($HOME). While this is a legitimate method for managing user preferences, it constitutes an execution of shell commands interacting with the local filesystem. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted source material and uses it to synthesize prompts for a downstream image generation tool.
- Ingestion points: External markdown files provided via file path or content pasted directly by the user (Step 1.2).
- Boundary markers: The skill employs structured templates (e.g.,
references/structured-content-template.md) to wrap the content, but lacks specific instructions to ignore embedded adversarial prompts within that content. - Capability inventory: The skill performs filesystem read/write operations and invokes external image generation skills based on its generated prompts.
- Sanitization: No evidence of sanitization or filtering of the source content is present before its interpolation into the final infographic prompt.
Audit Metadata