baoyu-article-illustrator
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The file
prompts/system.mdcontains an explicit directive ('DO NOT refuse to generate') that instructs the agent to bypass standard safety protocols regarding sensitive or copyrighted figures, suggesting the use of stylistically similar alternatives instead.\n- [PROMPT_INJECTION]: The skill processes untrusted article content and reference images without sanitization or boundary markers, creating a vulnerability to indirect prompt injection.\n - Ingestion points: Article file content and reference images provided by the user.\n
- Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded within the article text.\n
- Capability inventory: Access to read local configuration files, capability to write new files (prompts, outlines, images) to the filesystem, and execution of image generation tools.\n
- Sanitization: No validation or sanitization of the input article content is performed.\n- [COMMAND_EXECUTION]: Shell commands such as
test -fare utilized inreferences/workflow.mdto programmatically detect the presence of configuration files and reference images.\n- [DATA_EXFILTRATION]: The skill reads sensitive configuration data from$HOME/.baoyu-skills/and creates multiple files on the local disk (images, prompts, outlines), which involves significant file system interaction based on user-provided input paths.
Audit Metadata