baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill executes shell commands (
test -f) in Step 1.5 to check for the existence of configuration files (EXTEND.md) in the local project directory and the user's home directory. This is a common pattern for managing skill preferences. - [Indirect Prompt Injection] (LOW): The skill processes untrusted user-provided articles to extract concepts for image generation, creating a potential vector for indirect prompt injection.
- Ingestion points: Article content is ingested via file paths or direct text pasting in Step 1.1.
- Boundary markers: Explicit delimiters or 'ignore' instructions for the analysis phase are absent in the provided workflow, though structured prompts are used for the image generation tool.
- Capability inventory: The skill can read/write local files (Step 1.4, Step 6.1) and call an external image generation tool ('nano banana pro').
- Sanitization: No specific sanitization or filtering of the article content is mentioned before it is processed for concept extraction or prompt construction.
Audit Metadata