baoyu-image-gen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes its core logic (scripts/main.ts) using the bun runtime via npx. This is a standard and expected method for executing TypeScript-based agent skills in this environment.
- [EXTERNAL_DOWNLOADS] (SAFE): Dependencies listed in package.json, such as @ai-sdk/google, @ai-sdk/openai, and ai, are provided by trusted organizations like Vercel and Google. Other dependencies like pdf-lib and dotenv are standard industry packages.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted input that is eventually passed to an LLM.
  - Ingestion points: External data is accepted via CLI arguments including --prompt, --promptfiles, and --ref.
  - Boundary markers: The documentation does not specify any delimiters (like triple quotes or XML tags) or system instructions to help the model distinguish between control instructions and data.
  - Capability inventory: The skill has the ability to perform network requests to AI service providers and write files to the local filesystem via the --image parameter.
  - Sanitization: There is no mention of sanitizing or validating user-provided prompt content or the contents of files read via --promptfiles.
Audit Metadata