baoyu-article-illustrator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The prompts/system.md file contains a safety-bypass instruction: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate'. This explicitly instructs the agent to ignore standard safety guardrails concerning copyright.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core workflow. Ingestion points: The skill reads external article content from files or user input (Step 1.1). Boundary markers: There are no delimiters or 'ignore embedded instructions' markers used when processing this content (Step 2, Step 4). Capability inventory: The skill has the authority to write to the file system (Step 6.1, Step 4) and invoke other generation skills (Step 5.2). Sanitization: No sanitization of the input text is performed before it is used to generate outlines and prompts.
- [COMMAND_EXECUTION] (LOW): The skill executes shell-level checks (test -f) in Step 1.5 to locate configuration files. While these are restricted to existence checks, they show that the skill relies on shell command execution for its logic.
Recommendations
- AI detected serious security threats
Audit Metadata