baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from user-provided source files or pasted text (saved as source.md) to perform analysis and generate content. If this data contains malicious instructions, the agent may follow them during the storyboard or prompt generation phases. Ingestion points: source.md and user input. Boundary markers: Markdown code blocks. Capability inventory: File writing, script execution (merge-to-pdf), and external skill calls. Sanitization: No explicit sanitization or instructions to ignore embedded commands are present.
- [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using npx and bun. Specifically, it runs scripts/merge-to-pdf.ts to assemble the final PDF and calls a sibling skill script, ../baoyu-image-gen/scripts/main.ts, for image generation.
- [EXTERNAL_DOWNLOADS]: The skill uses npx -y, which can automatically download and install required Node.js packages from the official npm registry at runtime if they are missing from the environment.
- [DATA_EXFILTRATION]: The skill accesses the user's home directory (~/.baoyu-skills/) to read and write persistent configuration files like EXTEND.md. While used for legitimate preference management, this involves accessing sensitive filesystem paths.
Audit Metadata