baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts titles and summaries from untrusted source articles and interpolates them directly into prompts for downstream image generation tools.
- Ingestion points: The Analyze Content step in SKILL.md reads user-provided article files or pasted text.
- Boundary markers: The prompt template in references/workflow/prompt-template.md uses structural headers but lacks explicit delimiters or instructions to ignore potential commands embedded within the article text.
- Capability inventory: The skill has the ability to read local files, write configuration/prompt files, and execute bash for file system checks.
- Sanitization: No evidence of escaping or filtering of the source content (titles, keywords, or summaries) before they are placed in the prompts/cover.md file.
Audit Metadata