
baoyu-xhs-images

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions to override safety guidelines when interacting with downstream tools.
    • Evidence: In references/workflows/prompt-assembly.md, the instructions state: "If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate". This is a direct command to bypass safety filters regarding restricted or copyrighted material during image generation.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection, as it processes untrusted user content and feeds it into other tools.
    • Ingestion points: User-provided article files or pasted text are ingested in "Step 1: Analyze Content".
    • Boundary markers: The skill uses triple-dash delimiters and section headers in its prompt templates, but does not include explicit instructions for the agent to ignore embedded commands within the source text.
    • Capability inventory: The skill is capable of writing files to the local disk, executing shell commands, and calling an image generation skill.
    • Sanitization: There is no evidence of sanitization or validation of the source content before it is interpolated into the final image generation prompt in references/workflows/prompt-assembly.md.
  • [COMMAND_EXECUTION]: The skill uses shell commands to manage its environment and configuration.
    • Evidence: SKILL.md instructs the agent to use bash commands like test -f "$HOME/.baoyu-skills/baoyu-xhs-images/EXTEND.md" to check for the existence of preference files.
  • [DATA_EXFILTRATION]: The skill accesses the user's home directory to read and write configuration and project data.
    • Evidence: The skill reads from and writes to paths like $HOME/.baoyu-skills/baoyu-xhs-images/EXTEND.md. While these are skill-specific, accessing the home directory structure is a sensitive operation that could be abused if the skill's logic is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 09:05 AM