baoyu-image-gen

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests content from external files via the --promptfiles argument, which is then concatenated and used as input for image generation models. This creates a surface where malicious instructions embedded in those files could potentially influence the model's output. No specific boundary markers or sanitization logic is present for these inputs.
  • Ingestion points: Content is read from user-specified file paths in scripts/main.ts using the --promptfiles flag.
  • Boundary markers: Absent. Prompt content from files is joined with newlines.
  • Capability inventory: The skill performs file system writes (mkdir, writeFile) and network operations (fetch) via scripts/main.ts and the provider scripts.
  • Sanitization: Absent. File contents are used verbatim as prompt text.
  • [EXTERNAL_DOWNLOADS]: The skill fetches image data from external URLs when using the DashScope provider if the API returns a hosted image URL. This is standard behavior for the DashScope multimodal generation service.
  • [DATA_EXPOSURE]: The skill reads .env configuration files from both the current working directory and the user's home directory (~/.baoyu-skills/.env) to load API keys. This is a standard practice for managing credentials in CLI-based agent skills.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 03:07 PM