baoyu-cover-image
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The file references/base-prompt.md contains an explicit instruction to ignore standard model refusals concerning sensitive or copyrighted figures ("DO NOT refuse to generate"), which constitutes a direct attempt to bypass safety guardrails and copyright protections.
- [Prompt Injection] (MEDIUM): The workflow defined in references/workflow/prompt-template.md is vulnerable to Indirect Prompt Injection because it directly interpolates external article data into the prompt generation process without sanitization or structural isolation.
  - Ingestion points: Untrusted data enters via the Article title, Content summary, and Keywords fields in references/workflow/prompt-template.md.
  - Boundary markers: Absent; the template does not use delimiters (such as XML tags or triple-backticks) to prevent the AI from confusing article content with system instructions.
  - Capability inventory: The skill is capable of generating prompts that drive external image generation tools and performing file system writes (creating EXTEND.md in .baoyu-skills/ or ~/.baoyu-skills/).
  - Sanitization: Absent; article content is used verbatim without escaping or verification, allowing a malicious article to hijack the prompt generation or the agent's logic.
Recommendations
- AI detected serious security threats
Audit Metadata