baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to detect and load configuration files from `.baoyu-skills/baoyu-xhs-images/EXTEND.md` and the user's home directory during the initialization step.
- [PROMPT_INJECTION]: The prompt assembly guidelines contain a directive instructing the image generator to 'DO NOT refuse to generate' and to create 'stylistically similar alternatives' if sensitive or copyrighted figures are detected. This is intended to ensure content continuity by bypassing typical model refusal behaviors.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user content for analysis and subsequent image prompt generation, creating a surface for indirect injection.
- Ingestion points: User-provided articles or pasted text are read in 'Step 1' and 'Step 2' and stored in files such as `source.md` and `analysis.md`.
- Boundary markers: The skill organizes content using Markdown headers and YAML frontmatter, but it does not implement explicit 'ignore instruction' delimiters for the user-provided data.
- Capability inventory: The skill performs file read/write operations and triggers image generation skills via the agent's tool-calling capabilities.
- Sanitization: No explicit sanitization or filtering logic is specified for the user content before it is used in the image prompt templates.
Audit Metadata