baoyu-cover-image

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The references/base-prompt.md file contains a safety bypass instruction stating "DO NOT refuse to generate" when content involves sensitive or copyrighted figures, instead prompting for stylistic alternatives.
  • [PROMPT_INJECTION]: The skill's workflow and prompt templates (specifically references/workflow/prompt-template.md) utilize authoritative markers like "CRITICAL", "MUST", and "REQUIRED" to override default agent behavior and prioritize specific visual instructions.
  • [COMMAND_EXECUTION]: The skill manages its configuration by accessing and reading EXTEND.md files from multiple potential paths, including the local project directory, the XDG config path ($HOME/.config/), and the user's home directory ($HOME/.baoyu-skills/).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its content processing workflow.
      • Ingestion points: Untrusted data enters the agent context via pasted source articles (saved to source.md) and user-provided reference images (saved to the refs/ directory).
      • Boundary markers: Although markdown headers are used for organization in the references/workflow/prompt-template.md template, there are no explicit boundary markers or instructions to disregard potential commands embedded within the article text.
      • Capability inventory: The skill performs file system writes (prompts/, refs/, source.md, cover.png) and invokes external image generation tools such as imagegen or baoyu-imagine.
      • Sanitization: The skill does not implement sanitization, filtering, or validation for the external content interpolated into the generation prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 05:38 AM
Security Audit — agent-trust-hub — baoyu-cover-image