baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain any malicious code, obfuscation, or unauthorized network operations. It uses standard platform tools for file management and image generation.
  • [DATA_EXPOSURE]: The skill processes potentially sensitive user data but includes explicit, mandatory instructions to strip credentials, tokens, and secrets before that data is included in any output files or prompts. This follows security best practices for handling untrusted data.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data, which is interpolated into prompts for image generation.
      • Ingestion points: User-provided text, URLs, or file paths are ingested during Step 1 (SKILL.md) and saved to source.md.
      • Boundary markers: The skill uses a base prompt template (references/base-prompt.md) with a {{CONTENT}} placeholder to isolate user data from instructions.
      • Capability inventory: File read/write operations (read_file, write_file) and external image generation (image_generate).
      • Sanitization: The skill explicitly commands the agent to scan and strip credentials, API keys, or secrets from the source content before processing (SKILL.md).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 07:07 AM