baoyu-image-gen
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill loads environment variables from a .env file located in the current working directory (process.cwd()). An attacker could place a malicious .env file in a repository that, when accessed by the agent, redirects OPENAI_BASE_URL or GOOGLE_BASE_URL to a server they control, allowing them to capture the user's API keys.
- DATA_EXFILTRATION (MEDIUM): The skill permits reading arbitrary filesystem content through the --promptfiles and --ref parameters. These files are read and their contents (including base64-encoded image data) are sent to external API endpoints. This creates a risk of exfiltrating sensitive local data if the agent is manipulated into processing sensitive file paths.
- PROMPT_INJECTION (LOW): The skill is a conduit for LLM interaction, taking user-provided or file-based text and passing it directly to image generation models. While the impact is limited to the generated image content, the lack of boundary markers or sanitization for untrusted file inputs makes it susceptible to indirect prompt injection.
Audit Metadata