baoyu-comic
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted user input (source content) to generate comic storyboards and image prompts. This inherently creates a surface for indirect prompt injection.
- Ingestion points: User-provided markdown files or text input provided during the content analysis phase.
- Boundary markers: The skill uses structured templates (e.g., storyboard-template.md, character-template.md) and strict workflow steps to guide the agent, providing some structural boundaries.
- Capability inventory: The skill invokes image generation tools and executes a local script for PDF merging.
- Sanitization: There is no explicit sanitization of the input content before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill utilizes the
bunruntime to execute a local utility script (scripts/merge-to-pdf.ts). This script is used to compile generated comic pages into a final PDF file. - [EXTERNAL_DOWNLOADS]: The PDF merging script relies on the
pdf-liblibrary, which is a well-known and standard package for PDF manipulation.
Audit Metadata