baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate operations related to its primary purpose of infographic generation, such as reading source content and writing analysis and prompt files locally.
- [COMMAND_EXECUTION]: Uses standard shell commands (
test -f) to verify the existence of its own configuration files (EXTEND.md) in project and home directories. These commands are benign and do not execute untrusted input. - [DATA_EXFILTRATION]: No network exfiltration or unauthorized access to sensitive system files was found. The skill operates within designated project directories and follows standard file management practices like creating backups with timestamps.
- [PROMPT_INJECTION]: The skill addresses potential indirect prompt injection through clear instructions: (1) Ingestion point: Reads user-provided content from
source.md; (2) Boundary markers: Utilizes structured Markdown sections in analysis and prompts; (3) Capability inventory: Limited to local file creation and calling specified image generation tools; (4) Sanitization: Mandatory rules require the agent to preserve all source data verbatim and avoid summarization, preventing content-based overrides.
Audit Metadata