baoyu-image-gen

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/providers/google.ts, the script uses execSync to call curl. The command string is built by interpolating environment variables like GOOGLE_BASE_URL and proxy settings. Since scripts/main.ts loads environment variables from .baoyu-skills/.env within the current working directory, a malicious project could use this file to inject and execute arbitrary shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill's provider scripts for DashScope and Replicate download images from URLs provided by their APIs using fetch. This could be leveraged for SSRF if the API response is manipulated to point to internal or sensitive network resources.
  • [PROMPT_INJECTION]: The SKILL.md uses emphatic language and 'CRITICAL' markers to mandate a setup sequence. While intended for functional correctness, these instructions employ override patterns that attempt to bypass standard agent decision-making processes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 01:19 PM