baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes basic bash commands (
test -fandecho) to determine if a configuration file (EXTEND.md) exists in the project directory or the user's home directory. These commands are standard for configuration detection and do not pose a security risk. - [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection by processing untrusted user content and interpolating it into an image generation prompt template. However, the skill incorporates explicit instructions to 'Preserve all source data verbatim' and 'No new information', which are intended to maintain data integrity and limit the influence of potentially malicious instructions within the source content.
- [REMOTE_CODE_EXECUTION]: The skill mentions calling an external 'image generation skill'. This is a standard inter-skill interaction and does not involve the execution of arbitrary or untrusted remote code on the host system.
Audit Metadata