baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses bash commands (test -f) to check for the existence of configuration files (EXTEND.md) in project and user directories. These commands are predefined and do not execute untrusted user input.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) via the processing of user-supplied source materials.
  - Ingestion points: The skill reads external data into source.md during Step 1.2 and processes it into structured-content.md in Step 2.
  - Boundary markers: The prompt template in references/base-prompt.md uses the {{CONTENT}} placeholder without explicit delimiters or "ignore previous instructions" warnings to separate the untrusted user data from the system's instructions.
  - Capability inventory: The skill writes multiple files to the filesystem and calls an external image generation tool based on the final prompt, which could be manipulated by embedded commands in the input.
  - Sanitization: The skill's core principles explicitly mandate that all source data be preserved verbatim, preventing any summarization or filtering that could mitigate injection attempts.
Audit Metadata