beaver-cover-image
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override safety and content filtering protocols. Within `base-prompt.md`, the instructions state that if content involves sensitive or copyrighted figures, the model should 'create stylistically similar alternatives' and explicitly commands it to 'DO NOT refuse to generate'.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by incorporating untrusted external article data into its generation pipeline.
  - Ingestion points: Untrusted data enters the context via the article file path or directly pasted content during Step 1.
  - Boundary markers: The `prompt-template.md` uses markdown headers and placeholders (e.g., `[full original title from source]`) but lacks robust delimiters or 'ignore' instructions to prevent the model from obeying instructions embedded in the article title or summary.
  - Capability inventory: The skill can call external image generation tools and perform file-write operations to the local filesystem.
  - Sanitization: The skill does not perform escaping or validation of the article content before interpolating it into the `prompts/cover.md` file.
- [COMMAND_EXECUTION]: The skill uses shell commands (`test -f`) to check for the existence of configuration files in the project root and the user's home directory (`~/.beaver-skill/`). While these are standard operations for preference management, they represent direct execution of system commands.
Audit Metadata