baoyu-image-gen

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/providers/google.ts uses execSync to run curl for API requests when an HTTP proxy is detected. It constructs the command using string interpolation of environment variables.
      • Evidence: In postGoogleJsonViaCurl, the code builds proxyArgs using process.env.HTTPS_PROXY (or similar) and interpolates it directly into the shell command string: curl ... ${proxyArgs} "${url}" ....
      • Risk: This pattern is vulnerable to command injection if an environment variable is set to a malicious value containing shell metacharacters (e.g., backticks or semicolons).
  • [DATA_EXFILTRATION]: The skill is configured to read sensitive environment files and transmit data to external services.
      • Evidence: The script reads API keys and configuration from ~/.baoyu-skills/.env and project-local .env files. It also reads user-specified local files via --promptfiles and --ref arguments to send their content to external AI providers (OpenAI, Google, Alibaba, Replicate).
      • Context: While this is core to the skill's functionality, it establishes a data flow from the local filesystem to external network endpoints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 11:47 AM