baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core functionality of processing and visualizing untrusted user content.
  - Ingestion points: Untrusted data enters the agent context through user-provided files or pasted text, which are saved as source.md and analyzed in SKILL.md (Step 1).
  - Boundary markers: While the skill uses templates like references/base-prompt.md with placeholders such as {{CONTENT}}, there are no explicit boundary markers or instructions to the image generator to disregard embedded commands in the user data.
  - Capability inventory: The skill has the capability to write multiple markdown files to the local filesystem and invoke downstream image generation tools (Step 6).
  - Sanitization: The skill lacks sanitization mechanisms, as it is designed to preserve source data 'verbatim,' which could allow malicious instructions in the input to be passed to the image generation tool.