baoyu-image-gen

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill can read arbitrary local files and transmit their contents to external AI provider endpoints. Attacker-controlled paths provided to the --ref or --promptfiles arguments can be exploited to exfiltrate sensitive data such as SSH keys, configuration files, or environment variables. Evidence: readFile operations in scripts/providers/google.ts and scripts/providers/openai.ts that pass file data to network fetch calls.
  • [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection because it ingests untrusted prompts and file content while possessing the capability to read from the file system and access the network, without implementing any sanitization or boundary protection.
    1. Ingestion points: --prompt, --promptfiles, and --ref CLI arguments.
    2. Boundary markers: None identified in the script logic.
    3. Capability inventory: readFile (file system access), fetch (external network access), and implied file writing for the output image.
    4. Sanitization: None.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:44 AM