baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs its stated function of comic generation using a series of well-documented steps and templates. The provided script and configuration files contain no malicious logic.
- [COMMAND_EXECUTION]: The skill uses the 'bun' runtime and 'npx' to execute its internal PDF merging script and trigger an image generation skill located in a sibling directory. These commands are executed locally and are strictly for processing comic data.
- [EXTERNAL_DOWNLOADS]: The skill includes a dependency on 'pdf-lib', a well-known library for creating and modifying PDF files. This library is used appropriately within 'scripts/merge-to-pdf.ts' and is fetched through standard package management tools.
- [PROMPT_INJECTION]: The skill takes user input to create comic content. It mitigates potential indirect injection risks by using structured analysis frameworks and storyboard templates that provide clear boundaries between user content and agent instructions.
  - Capability inventory: 'merge-to-pdf.ts' writes files and 'baoyu-image-gen' is called for image creation.
  - Boundary markers: Markdown headers and delimiters in 'references/base-prompt.md'.
  - Ingestion points: user-provided text or files saved as 'source.md'.