baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted source content to generate comic components.
- Ingestion points: The skill reads source content from user-provided files or pasted text, which is saved to 'source.md' and used to generate storyboards and image prompts.
- Boundary markers: The prompt templates in 'references/base-prompt.md' and 'references/storyboard-template.md' use headers to organize data but do not include explicit delimiters or instructions to ignore commands embedded in the source text.
- Capability inventory: The skill has the ability to execute shell commands via 'npx', read and write to the filesystem, and call other skills.
- Sanitization: No validation or sanitization of the input text is performed before it is processed by the LLM for comic creation.
- [COMMAND_EXECUTION]: The workflow executes local and external scripts to complete the comic generation process.
- Evidence: The skill uses 'npx -y bun' to call a script in a sibling directory ('../baoyu-image-gen/scripts/main.ts') and to execute a local utility ('scripts/merge-to-pdf.ts').
- Evidence: It uses 'test' commands to verify the existence of configuration files in both the project directory and the user's home directory ('~/.baoyu-skills/').
- Context: These operations are essential for the skill's primary function and are performed within a controlled directory structure.
Audit Metadata