baoyu-comic
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted external content (the source material for the comic) and incorporate it into the generation workflow.
  - Ingestion points: User-provided content passed as a file argument (e.g., content.md) is ingested into the analysis and storyboard generation steps.
  - Boundary markers: The references/base-prompt.md uses a weak trailer instruction ("Please generate the comic page based on the content provided below:") without robust delimiters (like XML tags or random nonces) to encapsulate the untrusted data.
  - Capability inventory: The skill produces multi-page storyboards, character definitions, and detailed image prompts. A successful injection in the source content could force the agent to generate harmful imagery, exfiltrate the system prompt via the comic text, or ignore safety constraints in the resulting prompts.
  - Sanitization: There is no evidence of input validation, instruction-guarding, or escaping of the user content before it is processed by the LLM.
Recommendations
- AI detected serious security threats
Audit Metadata