figure-designer

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing untrusted data from users.
  • Ingestion points: User-supplied research context, method names, and intent in the 'Overview' section of SKILL.md, as well as image file paths processed using the 'Read tool' in Step 1.
  • Boundary markers: The instructions define no clear delimiters and do not tell the model to ignore directives embedded in the user-provided context or image content.
  • Capability inventory: The skill utilizes the 'Read tool' for vision-based inspection and produces structured text recommendations. It does not possess capabilities for network operations, arbitrary command execution, or file system modifications.
  • Sanitization: There is no evidence of validation or sanitization of the input strings before they are incorporated into the design logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 12:41 PM