infographics
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/generate_infographic.pyexecutes an internal helper script usingsubprocess.run. This execution is handled safely using argument arrays without a shell, preventing common command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill performs legitimate network requests to the OpenRouter API (
openrouter.ai) to access AI models for image generation and content review. These operations are core to the skill's functionality. - [CREDENTIALS_UNSAFE]: The implementation correctly manages API credentials by retrieving them from environment variables or a local
.envfile, rather than using hardcoded secrets. - [PROMPT_INJECTION]: The skill processes untrusted research data from Perplexity Sonar (ingestion point: research_topic content in
generate_infographic_ai.py) and interpolates it into prompts for the image generation model. While this establishes an indirect prompt injection surface, the risk is categorized as low due to the use of clear boundary markers (e.g., 'RESEARCHED DATA AND FACTS') and the specific context of the task.
Audit Metadata