baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-supplied content and interpolates it into a prompt used for image generation without sufficient boundary markers or sanitization.
  - Ingestion points: User-provided text or files are saved to `source.md` and then processed in Step 2 to create `structured-content.md`.
  - Boundary markers: The prompt template in `references/base-prompt.md` directly interpolates content via the `{{CONTENT}}` placeholder without using explicit delimiters or providing instructions to ignore nested commands.
  - Capability inventory: The skill possesses capabilities to write multiple files to the local filesystem (analysis, structured content, prompts) and can invoke external tools or skills such as `imagegen` or `baoyu-imagine` to generate assets.
  - Sanitization: Although the skill instructions explicitly require stripping credentials, API keys, and secrets from outputs, there is no evidence of validation or escaping of the content itself to prevent malicious instructions from influencing the agent's behavior during the prompt generation or image creation steps.
Audit Metadata