baoyu-cover-image

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The file 'references/base-prompt.md' contains a direct instruction to bypass safety filters: 'If content involves sensitive or copyrighted figures... DO NOT refuse to generate'. This is a clear attempt to override core safety protocols.
  • PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted article content (Step 1) and interpolates extracted data directly into prompts for an external image generation tool (Step 5) without boundary markers or sanitization. An attacker could embed instructions in an article to manipulate the resulting image generation prompt.
  • DYNAMIC_EXECUTION (MEDIUM): The 'Extension Support' feature loads 'EXTEND.md' from the current working directory to override skill behavior. This creates a risk where a malicious extension file in a project directory could hijack the agent's logic when the skill is executed in that context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 05:13 AM