baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash commands ('test -f') to detect configuration files (EXTEND.md) within the project structure and the user's home directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user content into prompts for image generation tools without sufficient isolation.
  - Ingestion points: User-provided text content or files are ingested and processed in Step 1 of the SKILL.md workflow.
  - Boundary markers: The prompt assembly workflow (references/workflows/prompt-assembly.md) lacks explicit delimiters or instructions to ignore embedded commands within the interpolated content sections.
  - Capability inventory: The skill can write multiple files (analysis, prompts, outlines, and images) to the local file system and call external image generation skills.
  - Sanitization: The skill does not perform sanitization or validation of the input content before using it in the construction of prompts for downstream tools.
Audit Metadata