viz
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (URLs, uploaded documents, meeting transcripts) and interpolates this content into prompts for secondary LLM calls and HTML generation without sanitization or boundary markers.
  - Ingestion points: `SKILL.md` (Step 3) acquires content via `web_fetch`, `pdfplumber`, `pandas`, and from `/mnt/transcripts/`.
  - Boundary markers: Absent. Content is directly embedded into the `design_prompt` string in `mode-infographic.md` and into HTML templates in `mode-publish.md` and `mode-visualize.md`.
  - Capability inventory: Includes tool execution (`Excalidraw:create_view`, `HeyGenverse:create_app`, `visualize:show_widget`), file writing (`/mnt/user-data/outputs/`), and external network access (Google Gemini API).
  - Sanitization: No validation or escaping of the ingested content is performed before processing.
- [COMMAND_EXECUTION]: The `mode-infographic.md` reference uses an embedded Python script to process information, interact with an external API, and perform file operations in the local environment.
- [EXTERNAL_DOWNLOADS]: The skill performs several network operations across different modes:
  - Fetches content from user-provided URLs via `web_fetch` in `SKILL.md`.
  - Communicates with Google's official Gemini API endpoint to generate visual content in `mode-infographic.md`.
  - Loads the Chart.js library from the Cloudflare CDN in `mode-publish.md` and `mode-visualize.md`.
Audit Metadata