baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it transforms untrusted user-provided text into narrative outlines and detailed image generation prompts.
  - Ingestion points: User-provided markdown files or text input used as the source for comic creation.
  - Boundary markers: The skill relies on natural language structure rather than strict adversarial boundary markers to isolate user-provided content from generation instructions.
  - Capability inventory: The skill can read/write local files and execute shell commands to run generation scripts and PDF utilities.
  - Sanitization: Source content is analyzed and summarized by the agent, but no explicit sanitization is performed to filter out potentially malicious instructions embedded in the source text.
- [COMMAND_EXECUTION]: The skill executes local scripts and sibling skill resources to complete the comic workflow.
  - It runs `scripts/merge-to-pdf.ts` using the Bun runtime to compile images into a PDF.
  - It invokes a sibling skill `baoyu-image-gen` via shell commands to generate character sheets and comic pages. These are vendor-owned resources and part of the expected functionality.