baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a prompt template in `references/base-prompt.md` with the instruction 'DO NOT refuse to generate' for sensitive or copyrighted figures, which is a directive aimed at bypassing standard AI safety guardrails.
- [COMMAND_EXECUTION]: The skill manages local configuration and source files by executing shell commands such as `test -f` and performing file write operations within the user's home directory (`~/.baoyu-skills/`) and project directories.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating untrusted article content into its generation logic.
  - Ingestion points: Article content is read from local file paths (e.g., `article.md`) or direct text input.
  - Boundary markers: The prompt template uses Markdown headers like `# Content Context` to separate user content but lacks explicit directives to the model to ignore any instructions embedded within that content.
  - Capability inventory: The skill can read and write local files and invoke secondary image generation tools.
  - Sanitization: No sanitization or escaping of user-provided content is performed before it is added to the generation prompt.
Audit Metadata