baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing external article text.
- Ingestion points: The agent reads article content from provided file paths or direct text input during 'Step 2: Analyze' (SKILL.md).
- Boundary markers: The workflow does not specify the use of delimiters or 'ignore' instructions to isolate the ingested article content from the agent's internal logic.
- Capability inventory: The skill has access to 'bash' for file system checks and 'write' for generating prompt files and outlines.
- Sanitization: There is no evidence of sanitization or filtering of the ingested text before it is analyzed to determine illustration positions and content.
- [COMMAND_EXECUTION]: The skill utilizes the 'bash' tool for environment and file system verification.
- Evidence: Uses `test -f` commands to check for the existence of the `EXTEND.md` configuration file in both the project directory and the user's home directory (`$HOME/.baoyu-skills/`) to load preferences (SKILL.md, references/workflow.md).
- [EXTERNAL_DOWNLOADS]: The skill documentation refers to external package execution for its runtime environment.
- Evidence: The 'OpenClaw Preflight Checks' section in SKILL.md mentions the use of `npx -y bun` to ensure the Bun runtime is available. While Bun is a well-known and trusted tool, `npx -y` downloads and executes packages from the npm registry.