infographics

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs several automated shell operations to collect data and generate visuals.
  • Evidence: Execution of "gh pr view" to retrieve PR body content for processing.
  • Evidence: Use of "git diff" and "git diff --stat" to build evidence packs for changelog images.
  • Evidence: Runtime execution of local Python scripts using "uv run --script scripts/generate_pr_infographic.py" and "scripts/generate_infographic.py".
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection due to its reliance on untrusted external data.
  • Ingestion points: The skill reads content from GitHub PR bodies (via "gh") and repository history (via "git"), which are controlled by PR authors in "SKILL.md".
  • Boundary markers: While specific markers ("") are used to identify theme blocks, the general PR body content is interpolated into the generation workflow without robust isolation.
  • Capability inventory: The processed data is used to construct prompts for image generation models. Maliciously crafted PR bodies could attempt to manipulate the resulting visual output or the behavior of the generation scripts.
  • Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from the PR bodies before it is passed to the generation scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 02:33 PM
Security Audit — agent-trust-hub — infographics