infographics
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a research feature that introduces an indirect prompt injection surface.
  - Ingestion points: `scripts/generate_infographic_ai.py` (via research results from the Perplexity Sonar API).
  - Boundary markers: Absent. Researched facts are directly interpolated into the generation prompt in `_enhance_prompt_with_research` without delimiters or defensive instructions.
  - Capability inventory: The skill is granted `Bash`, `Read`, `Write`, and `Edit` tools in `SKILL.md`. `scripts/generate_infographic.py` uses `subprocess.run` to trigger worker scripts, and `scripts/generate_infographic_ai.py` performs file writes for images and logs.
  - Sanitization: Absent. There is no filtering or escaping of the research content before it is added to the model's context.
- [COMMAND_EXECUTION]: `scripts/generate_infographic.py` utilizes the `subprocess` module to execute internal Python scripts. This is done safely by passing arguments as a list rather than a shell string, which prevents command injection.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to the OpenRouter and Perplexity APIs to generate infographics and gather data. These are established services required for the skill's stated purpose.
Audit Metadata