baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The system prompt in prompts/system.md includes an explicit instruction to bypass model safety filters when handling sensitive or copyrighted content ("DO NOT refuse to generate"), directing the agent to create stylistic alternatives instead of following safety refusals.
- [COMMAND_EXECUTION]: The workflow described in SKILL.md and references/workflow.md uses shell commands (e.g., `test -f`) to check for the existence of configuration files and project directories at runtime.
- [DATA_EXPOSURE]: The skill accesses the user's home directory ($HOME/.baoyu-skills/) to read and write persistent configuration data (EXTEND.md), which is a sensitive location on the file system.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from articles and user-provided image descriptions. This content is later interpolated into prompts for image generation tasks without explicit sanitization or strong boundary markers to prevent the external data from influencing the agent's instructions.
Audit Metadata