baoyu-image-gen
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Arbitrary command execution vulnerability via shell injection in scripts/providers/google.ts. The postGoogleJsonViaCurl function, which handles requests when an HTTP proxy is configured, constructs a shell command string for curl by interpolating the model parameter. This parameter is not properly sanitized, allowing an attacker to inject shell commands by including double quotes and shell metacharacters in the model name.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. User-provided prompts and the content of prompt files are interpolated directly into API requests sent to AI models. This could allow malicious input to influence or override the image generation instructions.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external AI provider APIs including Google, OpenAI, DashScope, Replicate, and APIMart to generate and download images. These are well-known services and essential for the skill's purpose.
- [COMMAND_EXECUTION]: The entry point uses npx -y bun to execute the main script, which involves the dynamic resolution and potential remote execution of the Bun runtime environment.
Recommendations
- AI detected serious security threats
Audit Metadata