Skills
skills/erafat/skills/baoyu-image-gen/Gen Agent Trust Hub

baoyu-image-gen

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local TypeScript entry point (main.ts) using the bun runtime to orchestrate API interactions and file management.
  • [EXTERNAL_DOWNLOADS]: Retrieves generated image data from OpenAI's and Google's official API endpoints.
  • [DATA_EXFILTRATION]: Transmits user-provided prompts and reference images to external AI service providers (Google and OpenAI) as part of the intended functionality.
  • [PROMPT_INJECTION]: The skill processes content from external files via the --promptfiles argument, establishing a surface for indirect prompt injection.
  • Ingestion points: scripts/main.ts reads text from file paths provided in the --promptfiles CLI argument.
  • Boundary markers: Absent; contents of multiple files are concatenated and passed directly to the AI provider.
  • Capability inventory: The skill has the capability to write to the filesystem (saving images) and perform network operations (API calls).
  • Sanitization: No validation or sanitization of the file content is performed before transmission to the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 09:05 AM