baoyu-article-illustrator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The system prompt in prompts/system.md contains an explicit directive to bypass safety constraints: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives. DO NOT refuse to generate'. This is a direct attempt to override the safety filters of the underlying image generation model.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating untrusted article content into prompt templates in references/prompt-construction.md. Ingestion points: User-provided article content and descriptions. Boundary markers: The templates use header labels (e.g., LABELS, ZONES) but lack robust delimiters or instructions to prevent the model from following commands embedded in the source text. Capability inventory: The skill creates prompt and outline files and invokes image generation tools. Sanitization: There is no evidence of content validation or escaping before interpolation.
  • [COMMAND_EXECUTION]: The skill uses basic shell commands like test -f in SKILL.md and references/workflow.md to check for the existence of configuration files (EXTEND.md) and reference images. These operations are limited to local file system discovery and do not involve remote code execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 04:50 AM