baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by processing untrusted user content to construct image generation prompts.
  - Ingestion points: User articles and pasted text saved to source.md.
  - Boundary markers: Absent; user content is interpolated without isolation delimiters.
  - Capability inventory: The skill performs file read/write operations and executes shell commands for image generation.
  - Sanitization: While slugs are formatted, no content-level sanitization is performed on the user text used in prompts.
- [COMMAND_EXECUTION]: The skill executes bash commands for checking local configurations and invokes an external workflow via npx -y bun. These operations target the user's home directory and project files to maintain persistent settings and generate visual assets.
Audit Metadata