infographic-generator
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted user data to generate structured outputs and code.
- Ingestion points: The
contentfield in the Input Schema is the primary entry point for untrusted data. - Boundary markers: Absent. The skill lacks instructions to delimit user input or explicitly ignore embedded instructions within the provided content.
- Capability inventory: The skill generates self-contained HTML/CSS code blocks based on the input data.
- Sanitization: Absent. There are no instructions for the agent to sanitize or escape the input content before interpolating it into the HTML/CSS output.
- [EXTERNAL_DOWNLOADS]: The skill references external tools and repositories for rendering and issue tracking.
- Fetches concepts and inspiration from Vercel's Satori repository, a well-known design tool service.
- Links to the author's own GitHub repositories (
Affitor/content-pipeline,Affitor/affiliate-skills) for feedback and related functionality. - [COMMAND_EXECUTION]: While the skill does not execute commands directly, it instructs the agent to generate HTML/CSS scripts. If an attacker provides content containing malicious scripts (e.g.,
<script>tags), the agent might include them in the generated HTML, leading to potential execution when the user views the infographic.
Audit Metadata