baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's image generation guidelines in references/workflows/prompt-assembly.md explicitly instruct the model to bypass safety filters for sensitive or copyrighted figures by stating 'DO NOT refuse to generate' and demanding stylized alternatives.
- [PROMPT_INJECTION]: The skill processes untrusted external data (user-provided text, files, and URLs) to generate prompts for other tools, creating a vulnerability to indirect prompt injection attacks.
  - Ingestion points: SKILL.md Step 1 (processes pasted content, file paths, and URLs).
  - Boundary markers: No delimiters or safety instructions are used to isolate user-supplied content within the generated prompts.
  - Capability inventory: File system access (read/write), shell command execution (bash), and image generation skill calls.
  - Sanitization: No sanitization, filtering, or validation of user input is performed before it is interpolated into prompts.
- [COMMAND_EXECUTION]: The workflow involves executing bash to verify configuration files in the project and user home directories (.baoyu-skills/EXTEND.md) and references executing local TypeScript scripts via the bun runtime in references/workflows/prompt-assembly.md.
Audit Metadata