baoyu-cover-image
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted article content and user-provided titles to construct prompts for image generation backends (e.g., imagegen).
  - Ingestion points: Article content is saved to `source.md` and interpolated into `prompts/cover.md` (Step 1 and Step 3).
  - Boundary markers: Uses markdown headers (e.g., `# Content Context`) in the generated prompt file but lacks explicit "ignore instructions" delimiters for the source content.
  - Capability inventory: Performs file writes to the local filesystem (`prompts/`, `refs/`, and `EXTEND.md`) and invokes external image generation tools via the agent's tool interface.
  - Sanitization: No specific escaping or validation of the article content is performed before interpolation into the generation prompt.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform standard file system checks such as `test -f` to verify the existence of reference images. It also manages its own configuration files within standard directories like `~/.config/baoyu-skills/`. These operations are consistent with its documented functionality and pose no security risk.
Audit Metadata