Skills
skills/k-dense-ai/scientific-agent-skills/infographics/Gen Agent Trust Hub

infographics

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_infographic.py uses subprocess.run to call a secondary generation script. It uses an argument list for execution, which is a secure practice that avoids shell injection vulnerabilities.- [EXTERNAL_DOWNLOADS]: The skill connects to openrouter.ai to interact with Perplexity and Gemini APIs for data research and image generation. These requests target a well-known and expected service provider for such tasks.- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in scripts/generate_infographic_ai.py where external research data is used to build prompts. \n
  • Ingestion points: Research results from Perplexity Sonar are incorporated into the image generation prompt in the generate_iterative method. \n
  • Boundary markers: Research content is concatenated with the prompt instructions without delimiters or markers to distinguish it from agent commands. \n
  • Capability inventory: The skill has the capability to generate images and write them to the filesystem via the OpenRouter API. \n
  • Sanitization: There is no filtering or validation of the text retrieved from the research phase before it is used in the prompt instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 1, 2026, 05:35 AM