baoyu-infographic
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted user data and incorporating it into prompts for subsequent tool calls.\n
- Ingestion points: User-provided Markdown files or pasted text inputs are stored as
source.mdand processed intostructured-content.md.\n - Boundary markers: The skill uses standard Markdown headers to separate sections but lacks robust delimiters or explicit instructions to ignore embedded commands within the processed content.\n
- Capability inventory: The skill possesses the ability to execute shell commands (
bash), perform file system operations (write/read), and invoke other AI agent skills (image generation).\n - Sanitization: There is no evidence of input validation, escaping, or filtering for instructions embedded within the source material.\n- [COMMAND_EXECUTION]: The skill utilizes shell commands to perform environmental checks and load configurations.\n
- Evidence: The workflow in
SKILL.mdusesbashto check for the existence ofEXTEND.mdin the user's home directory ($HOME/.baoyu-skills/baoyu-infographic/EXTEND.md). While standard for preference management, this involves shell execution based on user-level environment variables.
Audit Metadata