baoyu-cover-image

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The references/base-prompt.md file contains instructions aimed at the downstream image generation model to bypass safety filters for sensitive or copyrighted content by instructing it to 'DO NOT refuse to generate' and instead create 'stylistically similar alternatives'. This is a direct attempt to override safety guardrails for the image generation process.
  • Indirect Prompt Injection (LOW): The skill processes untrusted user data (articles and pasted text) and interpolates it into a prompt for image generation.
  • Ingestion points: File input (article.md) and direct text input defined in Step 1 of the workflow.
  • Boundary markers: The prompt template in references/base-prompt.md uses markdown sections to separate instructions from content but lacks explicit instructions to the model to ignore any embedded directives within the user-provided article content.
  • Capability inventory: The skill writes to the local file system (prompts/cover.md) and invokes external image generation tools.
  • Sanitization: There is no evidence of sanitization or filtering of the input text before it is used to construct the final prompt, creating a surface for an attacker to influence the image generation or the agent's next steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:49 PM