ai-baoyu-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection, a condition where malicious instructions embedded in external content could override agent behavior.
- Ingestion points: Untrusted data enters the execution context through the
materialUrl,materialFile, andmaterialTextparameters defined inreferences/form-schema.jsonand referenced inSKILL.md. - Boundary markers: Absent. The instructions do not define specific delimiters or directives to ensure the agent distinguishes between administrative instructions and processed external content.
- Capability inventory: The included
scripts/run.pyscript performs network operations, transmitting user-provided data and parameters to the vendor's execution endpoint athttps://ai-skills.ai/api/execute. - Sanitization: Absent. No evidence of input validation, data escaping, or filtering of the content retrieved from external sources was found in the provided code.
- [COMMAND_EXECUTION]: The skill includes a standalone Python utility (
scripts/run.py) meant to be executed by the user. This script handles environment variable retrieval for authentication, JSON parameter parsing, and manages HTTPS communication with the service provider's API.
Audit Metadata