baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The `prompts/system.md` file contains instructions to bypass standard safety filters by explicitly telling the agent: 'DO NOT refuse to generate' when sensitive or copyrighted figures are involved, suggesting 'stylistically similar alternatives' instead.
- [COMMAND_EXECUTION]: The skill's workflow in `SKILL.md` and `references/workflow.md` utilizes shell commands (`test -f`) to verify file existence. The workflow also describes filesystem management tasks such as copying reference images and creating backups of existing markdown files.
- [DATA_EXFILTRATION]: The skill accesses the user's home directory (`~/.baoyu-skills/`) to store and retrieve global preference files (`EXTEND.md`). This practice exposes the agent to paths outside the immediate project scope.
- [PROMPT_INJECTION]: The skill has a significant indirect prompt injection surface, as it ingests and processes untrusted user articles for structural analysis and illustration generation without implementing sanitization or strict boundary markers.
Audit Metadata