baoyu-infographic

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-supplied content and interpolates it into a prompt used for image generation without sufficient boundary markers or sanitization.
  • Ingestion points: User-provided text or files are saved to source.md and then processed in Step 2 to create structured-content.md.
  • Boundary markers: The prompt template in references/base-prompt.md interpolates content directly through the {{CONTENT}} placeholder, with no explicit delimiters around it and no instruction to ignore commands nested in the content.
  • Capability inventory: The skill can write multiple files to the local filesystem (analysis, structured content, prompts) and can invoke external tools or skills such as imagegen or baoyu-imagine to generate assets.
  • Sanitization: Although the skill instructions explicitly require stripping credentials, API keys, and secrets from outputs, there is no evidence that the content itself is validated or escaped to prevent malicious instructions from influencing the agent's behavior during the prompt generation or image creation steps.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 02:47 AM
Security Audit — agent-trust-hub — baoyu-infographic