baoyu-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with trusted image generation services from Google, OpenAI, and DashScope (Alibaba) using official API endpoints. All network activity is directed toward these well-known and authenticated services.
- [COMMAND_EXECUTION]: Executes the core script using `npx -y bun`, which is a standard practice for running TypeScript code within the Bun runtime environment.
- [DATA_EXFILTRATION]: Reads configuration files and environment variables from user-defined paths (~/.baoyu-skills/) to retrieve API keys. This sensitive data is only used for intended authentication with official service providers.
- [EXTERNAL_DOWNLOADS]: Downloads generated images from URLs returned by the service providers. Since these providers are trusted and the downloads are essential for the skill's purpose, this is considered safe.
- [PROMPT_INJECTION]: The skill processes untrusted user input from command-line arguments and local files to generate prompts for AI models. While this presents an indirect prompt injection surface, it is fundamental to the skill's operation.
- Ingestion points: Prompt text from the `--prompt` argument, content from files via `--promptfiles`, and reference images via `--ref`.
- Boundary markers: The prompt content is interpolated directly into API requests without specific delimiters or isolation instructions.
- Capability inventory: Authenticated network requests to AI APIs, image downloads from remote URLs, and local file reading/writing (e.g., in scripts/main.ts and providers/google.ts).
- Sanitization: No input validation or sanitization is applied to the prompt strings or file contents before transmission.
Audit Metadata