ai-baoyu-image-gen
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill accepts untrusted data through the
materialUrl(URI) andmaterialTextparameters as defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions to encapsulate external content.
- Capability inventory: The skill uses
scripts/run.pyto transmit data to the service API. It does not perform local shell command execution or file system modifications based on the ingested data. - Sanitization: Absent. There is no evidence of URI validation or content filtering before the data is processed by the agent.
Audit Metadata