infographic-creator
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates HTML code that fetches the AntV Infographic library from unpkg.com, which is a well-known and standard content delivery network for NPM packages.
- [COMMAND_EXECUTION]: The skill instructs the agent to use a file-writing tool to save generated HTML files to the local system, which is the primary intended function of the infographic creator.
- [PROMPT_INJECTION]: The skill takes untrusted user input and embeds it into a template that is subsequently written into a JavaScript string within an HTML file. While this creates a potential surface for indirect prompt injection or cross-site scripting (XSS) if the generated file is opened in a browser, this behavior is central to the skill's purpose as a content creator.
  - Ingestion points: User-provided text content (SKILL.md).
  - Boundary markers: None identified in the HTML generation template.
  - Capability inventory: File-writing tool (SKILL.md).
  - Sanitization: None identified; the skill directly interpolates input into script backticks.
Audit Metadata