baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security vulnerabilities were detected.
- File Operations: The skill uses basic shell commands like
test -fto manage its own configuration file (EXTEND.md) and directory structures. These operations are restricted to the skill's local storage or project-specific paths. - Indirect Prompt Injection (SAFE): The skill ingests untrusted article content to generate prompts for an image generator. This surface is managed by using structured prompt templates (found in
references/base-prompt.md) and triple backtick delimiters to prevent user content from overriding the agent's instructions. - Privacy & Data: There is no evidence of data exfiltration or hardcoded credentials. The skill focuses on processing local content to produce image assets within the user's specified directories.
Audit Metadata