baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes refusal suppression logic in 'references/base-prompt.md', instructing the generator to create stylistically similar alternatives rather than refusing to generate content involving sensitive or copyrighted figures.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates untrusted data from articles into image generation prompts. Evidence Chain:
- Ingestion points: Ingests article content from local files or direct user input as described in 'SKILL.md'.
- Boundary markers: Prompt templates in 'references/workflow/prompt-template.md' use markdown headers but lack strong delimiters or explicit instructions to ignore commands within the source text.
- Capability inventory: The skill can write files to the local file system and call secondary image generation skills.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the article content before it is processed.
- [COMMAND_EXECUTION]: The skill's workflow in 'SKILL.md' and 'references/workflow/reference-images.md' involves local shell operations such as checking for configuration files using 'test -f' and copying user-provided reference images into the skill's directory structure.
Audit Metadata