baoyu-xhs-images
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a markdown-only instruction set with no executable scripts or external dependencies. It utilizes platform-native tools for user interaction (
AskUserQuestion) and image generation (imagegen). - [SAFE]: All file operations are scoped to project-specific or user-home directories (
.baoyu-skills/,~/.baoyu-skills/) for storing configuration and generated assets, which is standard behavior for a generator skill. - [SAFE]: No evidence of credential harvesting, unauthorized network access, or persistence mechanisms was found. The skill's instructions focus on content analysis, layout planning, and prompt assembly for image generation.
- [PROMPT_INJECTION]: The prompt assembly guide contains instructions for the downstream image generation tool to produce 'stylistically similar alternatives' if a request involves sensitive or copyrighted figures. While this is a technique to prevent backend generation refusals for creative tasks, it does not target the agent's own safety protocols or system prompts.
Audit Metadata