baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and visualize external data which introduces a risk of indirect injection.
  • Ingestion points: External content is loaded from user-specified file paths or URLs in SKILL.md (Step 1).
  • Boundary markers: The prompt template in references/base-prompt.md uses the {{CONTENT}} variable without explicit delimiters or instructions to ignore embedded commands, potentially allowing content-based instructions to influence the agent.
  • Capability inventory: The skill uses tools for reading/writing files (read_file, write_file), clarifying user intent (clarify), and generating images (image_generate).
  • Sanitization: The instructions explicitly command the agent to "strip any credentials, API keys, tokens, or secrets" from the source content (SKILL.md, Step 2), which serves as a mitigation against data exposure.
  • [NO_CODE]: The skill consists entirely of Markdown instructions and reference files. No executable scripts (e.g., Python or JavaScript) are included, reducing the risk of traditional remote code execution or malware persistence within the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:14 AM
Security Audit — agent-trust-hub — baoyu-infographic