baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions in `prompts/system.md` that direct the agent to "DO NOT refuse to generate" illustrations when sensitive or copyrighted content is involved, which attempts to override safety filters. Additionally, the skill processes untrusted article content, creating an indirect prompt injection surface.
- [PROMPT_INJECTION]: Indirect injection evidence: (1) Ingestion points: The skill reads article files and pasted text in `SKILL.md` and `references/usage.md`. (2) Boundary markers: Prompt templates in `references/prompt-construction.md` do not utilize explicit delimiters to isolate article content. (3) Capability inventory: The skill performs file system operations (read/write/rename) and shell-based existence checks. (4) Sanitization: No input validation or content filtering is implemented for ingested articles.
- [COMMAND_EXECUTION]: The skill executes shell-based file existence checks using the `test -f` command to verify the presence of preference files (`EXTEND.md`) and reference images as seen in `SKILL.md` and `references/workflow.md`.
Audit Metadata