baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted text from user-provided articles to generate image prompts.
- Ingestion points: Step 1 allows the agent to read content from arbitrary file paths or direct text input provided by the user, which is saved as source-article.md.
- Boundary markers: Step 5 (Create Prompt File) shows that extracted information such as 'Main topic' and 'Visual elements' is interpolated directly into a markdown template for the image generator without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has the capability to write files to the local file system (cover-image/ directory) and invoke external image generation skills with the generated prompts.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the extracted content before it is used to construct the final prompt for the downstream AI tool.
Audit Metadata