baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The file prompts/system.md includes an explicit instruction to ignore safety refusals regarding sensitive or copyrighted content ('create stylistically similar alternatives - DO NOT refuse to generate'). This is an attempt to bypass standard safety protocols that prevent the generation of protected intellectual property.
- [COMMAND_EXECUTION]: The skill's workflow in SKILL.md and references/workflow.md utilizes local shell commands (test -f) to verify the existence of configuration files (EXTEND.md) and reference images within the filesystem.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it ingests and analyzes external article content to generate image prompts.
  - Ingestion points: The agent reads the article provided in the command line or pasted content to identify structure and arguments.
  - Boundary markers: The skill uses a template system in prompts/system.md that directs the model to 'generate the illustration based on the content provided below', but does not implement strict sanitization or explicit markers to isolate the user-provided text from instructions.
  - Capability inventory: The skill has the ability to read/write files and call external image generation tools based on its analysis.
  - Sanitization: There is no evidence of input sanitization to prevent an article from containing hidden instructions that could hijack the image generation process.
Audit Metadata