content-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
run_commandtool to execute a local Python script (doubao_image_gen.py) and create directories (mkdir -p assets/images) for managing image assets. - [EXTERNAL_DOWNLOADS]: Contains references to Volcengine API documentation and an external GitHub repository. These are informational links to well-known or relevant developer resources.
- [PROMPT_INJECTION]: The skill processes article content via
read_file, creating a surface for indirect prompt injection. Evidence Chain: 1. Ingestion point: article content read in SKILL.md; 2. Boundary markers: absent; 3. Capability inventory: execution of commands viarun_commandand file updates; 4. Sanitization: absent. The risk is minimized by the structured workflow and the intermediate generation of an illustration plan.
Audit Metadata