ai-baoyu-image-cards

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill transmits user-provided parameters (such as 'materialText', 'materialUrl', and 'materialFile') to the external domain 'https://ai-skills.ai' via the 'scripts/run.py' utility. This transmission is a core function required to process the visual assets and content as described in the skill documentation.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by accepting and processing untrusted external inputs. These inputs are subsequently used by an AI model to generate analysis and recommendations.
  • Ingestion points: Data enters the system via 'materialText' (visual briefs), 'materialUrl' (external links), and 'materialFile' (uploaded documents) as specified in 'references/form-schema.json'.
  • Boundary markers: The instructions do not define specific markers or guardrails to differentiate between user data and system instructions during processing.
  • Capability inventory: The skill uses a Python runner to facilitate network requests and poll for execution results from a remote API.
  • Sanitization: There is no visible client-side sanitization or validation of the ingested content prior to its transmission to the service.
  • [COMMAND_EXECUTION]: The skill includes 'scripts/run.py', a standalone Python script designed to be executed by the user to interface with the AI Skills backend. The script implements logic for environment variable handling, API authentication via headers, and SSL management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-baoyu-image-cards