baoyu-xhs-images
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Prompt Injection (MEDIUM): The file references/workflows/prompt-assembly.md includes explicit instructions to override safety constraints. It states: 'If content involves sensitive or copyrighted figures... DO NOT refuse to generate.' This is a direct command to bypass standard AI safety protocols regarding intellectual property and sensitive subjects.
- Data Exposure & Exfiltration (LOW): The setup logic in references/config/first-time-setup.md creates and modifies files in the user's home directory (~/.baoyu-skills/). While used for storing preferences, this capability involves accessing sensitive paths that could be abused for broader data exposure.
- Indirect Prompt Injection (LOW): The skill's core workflow in references/workflows/analysis-framework.md involves analyzing untrusted 'source material' to drive subsequent actions like file writing and prompt generation.
- Ingestion points: Untrusted source material is analyzed in analysis-framework.md to produce analysis.md.
- Boundary markers: No delimiters or safety warnings are used to isolate untrusted input from agent instructions.
- Capability inventory: The skill performs file writes (analysis.md, outline.md) and assembles prompts for downstream image generation tools (nano banana pro).
- Sanitization: There is no evidence of input validation or escaping for the processed material.
Audit Metadata