baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit instructions in
references/workflows/prompt-assembly.mdto bypass safety filters. It directs the agent to 'create stylistically similar alternatives' and 'DO NOT refuse to generate' when encountering requests involving sensitive or copyrighted figures. - [COMMAND_EXECUTION]: The skill utilizes shell commands (e.g.,
test -f) within its workflow to check for the presence of configuration files in the user's home directory ($HOME/.baoyu-skills/). While typical for configuration management, it represents execution of code that interacts with the local system. - [PROMPT_INJECTION]: An indirect prompt injection surface is created because the skill ingests untrusted user content and interpolates it directly into image generation prompts without sanitization.
- Ingestion points: User-pasted content or files read during 'Step 1: Analyze Content'.
- Boundary markers: The prompt assembly in
references/workflows/prompt-assembly.mduses Markdown headers and horizontal rules as delimiters but lacks specific instructions for the AI to ignore instructions embedded within the user's content. - Capability inventory: The skill can execute shell commands (
test), perform file and directory operations (mkdir, write), and invoke external image generation tools. - Sanitization: There is no evidence of filtering or escaping user-provided text before it is inserted into the
{CONTENT_SECTION}of the generation prompt.
Audit Metadata