bobo-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a container image quay.io/cooloo9871/bobo:latest. This is a vendor-owned resource hosted on a well-known container registry.
- [PROMPT_INJECTION]: The generate_bobo.py script accepts user-influenced inputs (image and replicas) and interpolates them directly into a YAML template using f-strings without sanitization.
  - Ingestion points: Command-line arguments image and replicas in scripts/generate_bobo.py.
  - Boundary markers: Absent; the script produces raw YAML output for the agent to display.
  - Capability inventory: The script contains no subprocess calls, file-system modifications, or network operations; it only prints to standard output.
  - Sanitization: Absent; inputs are injected directly into the template string.
Audit Metadata