comic-creator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates the generation workflow by executing local scripts (e.g., `main.ts` from a sibling `baoyu-image-gen` directory) using `npx` and `bun`.
- [COMMAND_EXECUTION]: Mentions the use of system-level image utilities such as `pngquant`, `optipng`, and `sips` for asset optimization and compression.
- [EXTERNAL_DOWNLOADS]: Utilizes `npx` for script execution, which typically fetches packages from the well-known NPM registry if not present locally. The PDF generation script also relies on the `pdf-lib` library.
- [PROMPT_INJECTION]: Processes external source content to generate comic storyboards and image prompts, representing a surface for indirect prompt injection.
  - Ingestion points: Reads content from `source.md`, `article.md`, or user-pasted text in the `SKILL.md` workflow.
  - Boundary markers: None identified in the prompt templates to isolate untrusted user data.
  - Capability inventory: Includes file system writes (prompts, images, PDFs) and shell execution capabilities (`npx`).
  - Sanitization: No explicit sanitization or validation of the input content is documented.
Audit Metadata