baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing untrusted external data and URLs into prompts for an image generation tool.
      • Ingestion points: User-provided content (text, file paths, or URLs) is saved to source.md in Step 1 of the workflow.
      • Boundary markers: The prompt template in references/base-prompt.md lacks delimiters or 'ignore' instructions for the interpolated content, which could allow malicious instructions in the source data to influence the agent.
      • Capability inventory: The skill utilizes write_file for saving source data and prompts, and image_generate for creating the final visual output.
      • Sanitization: The skill includes a positive security requirement to 'strip any credentials, API keys, tokens, or secrets' from source content before processing, mitigating potential data exposure.
  • [NO_CODE]: The skill package is composed entirely of Markdown instruction files and reference templates. It does not include any executable scripts, binaries, or automated shell commands, which reduces the direct attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 09:02 AM