image-generation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection as it ingests untrusted data and has file-writing capabilities.
      • Ingestion points: Data points, labels, and titles passed to functions such as create_bar_chart, create_network_diagram, and create_flowchart in SKILL.md and REFERENCE.md.
      • Boundary markers: Absent. There are no instructions or delimiters to isolate untrusted data from the agent's instructions.
      • Capability inventory: The skill uses matplotlib.pyplot.savefig and graphviz.render to create and modify files on the local filesystem.
      • Sanitization: None. Input strings are used directly in the generation of charts and diagrams without validation or escaping.
  • Dynamic Execution (MEDIUM): The diagram functions dynamically generate DOT source code based on user input and execute it through the system Graphviz binary, which can lead to unintended behavior if input is maliciously crafted.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill relies on external packages matplotlib, pillow, graphviz, and numpy. These are standard, reputable libraries, and their download/reference is considered low risk per security guidelines.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:23 PM