infographics
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection via its research integration.
- Ingestion points: In
scripts/generate_infographic_ai.py, theresearch_topicfunction fetches external data from the web using the Perplexity Sonar API. - Boundary markers: The retrieved research data is interpolated into the final generation prompt under a simple text header ("RESEARCHED DATA AND FACTS") without the use of strict delimiters or explicit instructions for the model to ignore any embedded commands within that data.
- Capability inventory: The skill is capable of performing outbound network requests to OpenRouter APIs and writing files (images and JSON logs) to the local filesystem.
- Sanitization: The script does not perform sanitization, filtering, or validation of the content retrieved from the web before it is included in the prompt for the image generation and review models.
Audit Metadata