Skills
skills/prettyhe/baoyu-skills/baoyu-cover-image/Gen Agent Trust Hub

baoyu-cover-image

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The file references/base-prompt.md includes explicit instructions to override safety guardrails: "If content involves sensitive or copyrighted figures, create stylistically similar alternatives
  • DO NOT refuse to generate". This is an attempt to bypass standard refusals related to intellectual property.
  • [PROMPT_INJECTION]: The skill ingests untrusted article content and reference images to generate prompts, creating an indirect prompt injection surface.
  • Ingestion points: Content is read from user-provided file paths or direct input in SKILL.md.
  • Boundary markers: The skill uses markdown headers like "# Content Context" in references/workflow/prompt-template.md but lacks robust delimiters or warnings to ignore embedded instructions.
  • Capability inventory: The skill can write files to the local system (configuration, prompt files, images) and call other image generation skills.
  • Sanitization: No sanitization or validation of the input content is performed before it is used to construct generative prompts.
  • [COMMAND_EXECUTION]: The skill uses shell commands like test -f within the logic of SKILL.md to verify the existence of project or user-level configuration files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 01:05 AM