infographic-creator
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the AntV Infographic library from unpkg.com to render visualizations. This is a well-known service and the library is a standard tool for data visualization.
- [COMMAND_EXECUTION]: The skill directs the agent to use a writing tool to save the generated infographic as an HTML file on the local filesystem. This action is necessary for the skill's primary purpose of creating portable visualizations.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
- Ingestion points: User-provided text content is ingested in the 'First Step: Understand user requirements' section of SKILL.md.
- Boundary markers: Absent. The user content is interpolated directly into the infographic syntax without delimiters that instruct the agent to ignore embedded instructions.
- Capability inventory: The skill uses a Write tool to create local files (SKILL.md).
- Sanitization: Absent. There are no instructions to escape or sanitize the user input before it is embedded into the JavaScript infographic.render() call within the generated HTML.
Audit Metadata