baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains strict instructional logic, such as the blocking operations defined in `first-time-setup.md`, to manage the agent's workflow state. These are functional constraints designed to ensure proper configuration and do not attempt to bypass core AI safety filters or exfiltrate system prompts.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like SSH keys or AWS configs) were found. The skill does not perform unauthorized network requests; the provided script `merge-to-pdf.ts` only performs local file system operations.
- Unverifiable Dependencies (SAFE): The PDF generation script uses the standard `pdf-lib` library. There are no patterns of downloading and executing remote scripts or unverified third-party packages at runtime.
- Indirect Prompt Injection (LOW): The skill processes user-provided source material to generate image prompts. While this is a standard capability, there is a theoretical surface for indirect injection where source content could attempt to influence the visual output or instructions. The skill uses boundary markers (triple backticks) in its `base-prompt.md` template to help mitigate this risk.
- Command Execution (SAFE): The skill includes a TypeScript script (`merge-to-pdf.ts`) intended for local execution via Bun. This script is limited to reading image files and merging them into a PDF document; it does not utilize `eval()`, `exec()`, or other dangerous dynamic execution patterns.
Audit Metadata