baoyu-image-cards
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-provided text (articles, pasted content) to generate outlines and prompts for an external image generation tool. Malicious instructions embedded in the input content could potentially influence the agent's analysis or the resulting image generation.
  - Ingestion points: User-provided text and files processed in `SKILL.md` and `references/workflows/analysis-framework.md`.
  - Boundary markers: Prompt templates in `references/workflows/prompt-assembly.md` use section markers like `{CONTENT_SECTION}`, but do not provide explicit instructions to the agent to ignore any embedded directives within the user data.
  - Capability inventory: The skill can read/write local files and call an image generation tool (`nano banana pro`).
  - Sanitization: No sanitization or escaping of the user-provided content is performed before interpolation.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell and PowerShell commands to check for the existence of its local configuration file (`EXTEND.md`) and determine its location. These commands are limited to path existence checks and do not involve remote access or sensitive data operations.
  - Evidence: File check logic in `SKILL.md` using `test -f` and `Test-Path`.
Audit Metadata