baoyu-article-illustrator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Explicit safety filter bypass instruction found in 'prompts/system.md'. The agent is instructed: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate'. This is a direct attempt to override the model's safety and copyright protections.
- [PROMPT_INJECTION] (HIGH): Vulnerability to Indirect Prompt Injection (Category 8). The skill processes untrusted article content to generate structured outlines and prompts for downstream image generation tools. Ingestion point: Article file path or pasted content ('references/usage.md'). Capability: File creation ('outline.md', prompts), calling external image skills ('nano banana pro'), and directory creation. Boundary markers: None found in prompt construction logic. Sanitization: None performed on input content.
- [COMMAND_EXECUTION] (LOW): Basic shell command usage for environment verification. Evidence: 'SKILL.md' uses 'test -f' to check for configuration files in both the project and home directories.
Recommendations
- AI detected serious security threats
Audit Metadata