ai-baoyu-article-illustrator

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection, a condition where malicious instructions embedded in external content could override agent behavior.
  • Ingestion points: Untrusted data enters the execution context through the materialUrl, materialFile, and materialText parameters defined in references/form-schema.json and referenced in SKILL.md.
  • Boundary markers: Absent. The instructions do not define specific delimiters or directives to ensure the agent distinguishes between administrative instructions and processed external content.
  • Capability inventory: The included scripts/run.py script performs network operations, transmitting user-provided data and parameters to the vendor's execution endpoint at https://ai-skills.ai/api/execute.
  • Sanitization: Absent. No evidence of input validation, data escaping, or filtering of the content retrieved from external sources was found in the provided code.
  • [COMMAND_EXECUTION]: The skill includes a standalone Python utility (scripts/run.py) meant to be executed by the user. This script handles environment variable retrieval for authentication, JSON parameter parsing, and manages HTTPS communication with the service provider's API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-baoyu-article-illustrator