tuzi-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is professionally structured and focuses on creative automation. It manages user preferences through a local 'EXTEND.md' file stored in dedicated skill directories ('.tuzi-skills/' or '$HOME/.tuzi-skills/'), following least-privilege principles.
- [COMMAND_EXECUTION]: The skill employs basic shell commands like 'test -f' to check for the existence of configuration files during initialization. These operations are non-privileged, localized to the skill's own directory, and used solely for workflow orchestration.
- [PROMPT_INJECTION]: The skill manages the risk of indirect prompt injection when processing untrusted article content through structured prompt engineering:
  - Ingestion points: Article text and reference images are ingested and saved to 'source.md' and the 'refs/' directory respectively.
  - Boundary markers: The prompt construction phase in 'references/workflow/prompt-template.md' uses explicit markdown headers (e.g., '# Content Context', '# Visual Design') and structured fields to isolate user-supplied data from instructions.
  - Capability inventory: The skill's capabilities are restricted to file system operations within its workspace and invoking external image generation skills.
  - Sanitization: The skill distills article content into keywords and summaries before prompt interpolation, which naturally serves as a sanitization layer against embedded malicious instructions.