baoyu-image-gen

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8): it ingests untrusted text from user prompts and files, and that text is interpolated into requests sent to external AI models.
  • Ingestion points: The --prompt command-line argument and files specified via --promptfiles (e.g., in scripts/main.ts).
  • Boundary markers: Absent; user content is concatenated directly into prompt strings.
  • Capability inventory: Includes network operations (API calls to providers) and file write operations (saving generated images).
  • Sanitization: No sanitization or escaping of the ingested text is performed before it is sent to the AI providers.
  • [COMMAND_EXECUTION]: The skill executes the curl binary using execFileSync in scripts/providers/google.ts. This is implemented as a workaround for a Bun runtime fetch issue with proxies. Arguments are constructed from configuration and environment variables, and the execution does not use a shell, minimizing risk.
  • [EXTERNAL_DOWNLOADS]: The skill downloads generated image files from the CDNs of the AI service providers (e.g., Google, OpenAI, Alibaba). These downloads are required for the skill's primary function of providing image output to the user.
  • [DATA_EXFILTRATION]: As part of its core functionality, the skill transmits user-provided prompts and reference images to external AI service providers. These transmissions target official API endpoints of well-known services.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 02:11 AM