baoyu-image-gen
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill transmits data to 'dashscope.aliyuncs.com', which is outside the predefined trust whitelist. It also uses 'readFile' to load local files at whatever path is supplied via the '--ref' argument. While necessary for the 'reference image' feature, this creates a potential data exposure vector if an agent is manipulated into passing a sensitive system file (e.g., an SSH key or a config file) instead of an image, since the file's contents would then be posted to the external API.
- [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection through several ingestion points.
- Ingestion points: CLI '--prompt', '--promptFiles', and '--ref' (multimodal image data).
- Boundary markers: Absent; user-provided text and image data are sent to providers without delimiters and without any instruction telling the model to treat embedded directives as data rather than commands.
- Capability inventory: The skill can read local files and perform network POST operations to external AI APIs.
- Sanitization: No input validation or sanitization is performed on the prompt text or file contents before transmission.
Audit Metadata