baoyu-article-illustrator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The file
prompts/system.mdcontains a direct instruction to bypass safety protocols: "If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate." This is an explicit filter-bypass command.
- PROMPT_INJECTION (HIGH): The skill possesses a high surface for Indirect Prompt Injection. It ingests untrusted article content (via
SKILL.mdandusage.md) and uses it to construct prompts for a downstream image generation tool. There are no boundary markers or sanitization logic present to prevent instructions inside an article from influencing the agent's behavior. - COMMAND_EXECUTION (LOW): In
SKILL.md, the workflow includes executing bash commands (test -f) to check for configuration files. While restricted to existence checks, this establishes a pattern of local system interaction.
Recommendations
- AI detected serious security threats
Audit Metadata