baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and visualize external data which introduces a risk of indirect injection.
- Ingestion points: External content is loaded from user-specified file paths or URLs in
SKILL.md(Step 1). - Boundary markers: The prompt template in
references/base-prompt.mduses the{{CONTENT}}variable without explicit delimiters or instructions to ignore embedded commands, potentially allowing content-based instructions to influence the agent. - Capability inventory: The skill uses tools for reading/writing files (
read_file,write_file), clarifying user intent (clarify), and generating images (image_generate). - Sanitization: The instructions explicitly command the agent to "strip any credentials, API keys, tokens, or secrets" from the source content (SKILL.md, Step 2), which serves as a mitigation against data exposure.
- [NO_CODE]: The skill consists entirely of Markdown instructions and reference files. No executable scripts (e.g., Python or JavaScript) are included, reducing the risk of traditional remote code execution or malware persistence within the skill itself.
Audit Metadata