baoyu-xhs-images

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a markdown-only instruction set with no executable scripts or external dependencies. It utilizes platform-native tools for user interaction (AskUserQuestion) and image generation (imagegen).
  • [SAFE]: All file operations are scoped to project-specific or user-home directories (.baoyu-skills/, ~/.baoyu-skills/) for storing configuration and generated assets, which is standard behavior for a generator skill.
  • [SAFE]: No evidence of credential harvesting, unauthorized network access, or persistence mechanisms was found. The skill's instructions focus on content analysis, layout planning, and prompt assembly for image generation.
  • [PROMPT_INJECTION]: The prompt assembly guide contains instructions for the downstream image generation tool to produce 'stylistically similar alternatives' if a request involves sensitive or copyrighted figures. While this is a technique to prevent backend generation refusals for creative tasks, it does not target the agent's own safety protocols or system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 02:26 AM