baoyu-image-gen

Fail

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/providers/google.ts file uses execSync to run a curl command when an HTTP proxy is detected. The command interpolates a URL containing the model ID into a double-quoted shell string. Because the model ID is not sanitized and can be influenced by CLI arguments (and thus potentially by the agent or by indirect prompt injection), a value containing shell substitution syntax (e.g., $(command)) would be executed by the shell.
  • [DATA_EXFILTRATION]: In scripts/main.ts, the loadEnv function reads .env files from the project directory and the user's home directory. This exposes sensitive credentials like OPENAI_API_KEY, GOOGLE_API_KEY, and REPLICATE_API_TOKEN to the agent's process environment.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to AI provider APIs (Google, OpenAI, DashScope, Replicate) and downloads generated image files from remote URLs as part of its core functionality.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 14, 2026, 06:32 AM