story-cover
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to an external API service at yunwu.ai to perform image generation tasks.
- [COMMAND_EXECUTION]: The skill utilizes several standard system commands (curl, mkdir, jq, base64) to communicate with the API and process the resulting image data.
- [DATA_EXFILTRATION]: User-provided strings, specifically book titles and author names, are transmitted to the external API service as part of the generation prompt.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it processes untrusted user data.
  - Ingestion points: User-provided inputs for book titles and author names in SKILL.md.
  - Boundary markers: The prompt templates use single quotes as delimiters for interpolated strings.
  - Capability inventory: The skill includes file system operations (creating directories and writing images) and network operations (curl) within its instructional scripts.
  - Sanitization: There is no explicit sanitization or validation of the user-provided strings before they are incorporated into the final prompt sent to the model.
Audit Metadata