canghe-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the model to bypass safety refusals for sensitive or copyrighted figures by creating stylistically similar alternatives in 'references/base-prompt.md'.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of external article content.
  * Ingestion points: Article files and pasted text are processed in Step 1 of the workflow in 'SKILL.md'.
  * Boundary markers: The 'prompt-template.md' uses Markdown headers but lacks specific delimiters or 'ignore' instructions for user-provided strings.
  * Capability inventory: The skill can write files, create directories, and invoke external image generation skills.
  * Sanitization: There is no evidence of sanitization or escaping of the article title or summary before prompt interpolation.
- [COMMAND_EXECUTION]: The skill uses shell commands like 'test -f' and 'mkdir' for configuration checks and directory management as part of its automated workflow in 'SKILL.md' and 'references/config/first-time-setup.md'.
Audit Metadata