baoyu-cover-image

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted article content and user-provided titles to construct prompts for image generation backends (e.g., imagegen).
      • Ingestion points: Article content is saved to source.md and interpolated into prompts/cover.md (Step 1 and Step 3).
      • Boundary markers: Uses markdown headers (e.g., # Content Context) in the generated prompt file but lacks explicit "ignore instructions" delimiters for the source content.
      • Capability inventory: Performs file writes to the local filesystem (prompts/, refs/, and EXTEND.md) and invokes external image generation tools via the agent's tool interface.
      • Sanitization: No specific escaping or validation of the article content is performed before interpolation into the generation prompt.
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform standard file system checks such as test -f to verify the existence of reference images. It also manages its own configuration files within standard directories like ~/.config/baoyu-skills/. These operations are consistent with its documented functionality and pose no security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 03:15 AM
Security Audit — agent-trust-hub — baoyu-cover-image