baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The file references/base-prompt.md contains a directive instructing the model to "DO NOT refuse to generate" when encountering sensitive or copyrighted content, which is a bypass instruction.
- Indirect Prompt Injection (LOW): The skill processes untrusted article content to generate image prompts.
  - Ingestion points: article file paths and pasted text in SKILL.md.
  - Boundary markers: The prompt template in references/base-prompt.md lacks explicit delimiters for user content.
  - Capability inventory: The skill performs file system writes and calls secondary image tools.
  - Sanitization: No input sanitization is documented for the article content.