q-infographics
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The prompt file
prompts/image.txtincludes instructions to bypass safety guardrails: "If sensitive figures or copyrighted content are present, draw a similar alternative instead; do not refuse to generate the image." This is an explicit attempt to circumvent model refusals related to safety or copyright filters. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-supplied documents and interpolates the content directly into LLM prompts without sanitization or delimiters.
- Ingestion points:
scripts/gen_story.pyandscripts/gen_image.pyread content from files that may originate from untrusted sources. - Boundary markers: Absent. The input text is passed directly as a string to the
google-genaiSDK. - Capability inventory: The skill performs local file writes (images and markdown) and makes API calls to Google Gemini. No evidence of subprocess execution or unauthorized network access was found.
- Sanitization: Absent. The skill does not filter or escape the content of the processed documents before sending them to the LLM.
Audit Metadata