baoyu-cover-image

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill's base prompt in references/base-prompt.md contains instructions to explicitly ignore refusal guidelines when sensitive or copyrighted figures are involved ("DO NOT refuse to generate"), which constitutes an attempt to bypass agent safety filters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: reads article content from local files or direct input as described in SKILL.md. Boundary markers: uses specific markdown headers and structure to delimit content in the prompt template (references/workflow/prompt-template.md), but lacks robust escaping or specific "ignore embedded instructions" warnings. Capability inventory: can write files to the local system and call other agent skills for image generation. Sanitization: summarizes content and extracts keywords, which reduces the risk of accidental obedience but does not fully neutralize malicious instructions embedded in the source article.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands like test, mkdir, and cp in SKILL.md and references/workflow/reference-images.md to manage configuration files in the user's home directory (~/.baoyu-skills/) and organize the project workspace.
  • [DATA_EXFILTRATION]: The skill accesses and reads the content of user-specified files and local configuration files (EXTEND.md) from paths like $HOME/.config/ to provide context for image generation, which results in data derived from local files being processed and sent to external generation capabilities or services.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 01:12 PM