baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted article content to drive its logic and prompt generation.
- Ingestion points: Article content is read from a user-provided file path (path/to/article.md) during Step 1 of the workflow.
- Boundary markers: The instructions lack specific boundary markers or "ignore embedded instructions" directives when the agent reads or interpolates the article content.
- Capability inventory: The skill possesses significant capabilities, including creating directories, writing multiple files (prompts, outlines, images), modifying the original source article file, and invoking other image generation skills.
- Sanitization: No sanitization or validation logic is defined to filter out potential malicious instructions embedded within the processed article text before it is used to influence the agent's actions.
Audit Metadata