baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from user-provided articles or text. It extracts titles, summaries, and keywords to populate a generation prompt template without sanitization.
- Ingestion points: Input article files or pasted text processed in Step 1 of the SKILL.md workflow.
- Boundary markers: The prompt template in references/workflow/prompt-template.md uses headers but does not include explicit delimiters or instructions to ignore embedded commands within user data.
- Capability inventory: Access to local file systems (read/write) for saving prompts and references, and execution of image generation tools.
- Sanitization: There is no evidence of validation or filtering of user-supplied text before its inclusion in the generation prompt.