baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions explicitly designed to bypass safety filters of downstream image generation models. In
references/base-prompt.md, it directs the agent: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate'.\n- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8). It ingests untrusted data from article files and reference images, which is then summarized and interpolated into a generation prompt for an external tool.\n
- Ingestion points: Article text, titles, and reference images provided via CLI or pasted input.\n
- Boundary markers: The generation prompt uses Markdown headers to separate sections, but lacks explicit instructions to the downstream model to ignore embedded malicious commands within the article context.\n
- Capability inventory: The skill has the capability to write files locally (
prompts/cover.md,cover.png) and execute commands via thebunruntime.\n - Sanitization: Article metadata such as the title, summary, and keywords are interpolated into the prompt file without evident escaping or sanitization.\n- [COMMAND_EXECUTION]: The skill executes a local script using the
bunruntime (.agents/skills/baoyu-image-gen/scripts/main.ts) to perform the image generation task. While this is the primary intended functionality, it involves subprocess execution based on generated configuration files.
Audit Metadata