baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (LOW): The file references/base-prompt.md contains an explicit instruction to override safety filters: 'If content involves sensitive or copyrighted figures, create stylistically similar alternatives - DO NOT refuse to generate'. This is a directive to bypass standard AI safety protocols regarding restricted or copyrighted content.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data such as article titles and summaries in references/workflow/prompt-template.md to construct image generation prompts.
  - Ingestion points: Untrusted article metadata (title, summary, keywords) is interpolated into the generation prompt.
  - Boundary markers: Absent; the template uses standard markdown headers but lacks specific delimiters or 'ignore embedded instructions' warnings for external content.
  - Capability inventory: Based on the provided files, the skill generates prompts for image creation and manages local configuration files. No dangerous subprocess or network capabilities were identified in the provided markdown files.
  - Sanitization: No evidence of sanitization, validation, or escaping of user-provided content before interpolation.
- No Code (SAFE): No executable scripts (Python, Node.js, Shell) or package dependency files were included in the provided file list. The logic is entirely driven by markdown-based instructions and templates.
Audit Metadata