baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Instructions in 'references/workflows/prompt-assembly.md' explicitly direct the agent to circumvent safety filters. It states that if content involves sensitive or copyrighted figures, the agent should create stylistically similar alternatives and 'DO NOT refuse to generate'.
- [COMMAND_EXECUTION]: The 'SKILL.md' file uses Bash commands ('test -f') to check for the existence of configuration files. This includes accessing paths within the user's home directory ('$HOME/.baoyu-skills/baoyu-xhs-images/EXTEND.md'), which is an overreach of file system access.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: User-provided content is saved to 'source.md' or referenced via file paths.
  2. Boundary markers: No delimiters or 'ignore' instructions are used in the 'references/workflows/prompt-assembly.md' template.
  3. Capability inventory: The skill generates prompts that are executed by an image generation tool ('nano banana pro').
  4. Sanitization: There is no evidence of sanitization or validation of the ingested content before it is interpolated into the '{CONTENT_SECTION}' of the final prompt.