The skill is vulnerable to path traversal and
Claims to do
Cover Image Generator: Generate elegant cover images for articles with 5-dimensional customization.
Actually does
This skill acts as an orchestrator, reading local article content and reference images, analyzing them, and constructing a detailed prompt based on user-defined or auto-selected parameters. It saves this prompt locally to `prompts/cover.md` and then calls an unspecified external image generation skill or model (potentially mentioning 'Jimeng' or 'Seedream 3.0' as examples), passing the prompt and reference images, to produce a `cover.png` file locally. It also manages local configuration files (`EXTEND.md`) and output directories.
The skill loads configuration from `EXTEND.md` and processes content from user-provided article files and reference description files. Malicious content in these files could inject instructions or data into the agent's RAG context or working memory.
Load Preferences, Custom configurations via EXTEND.md, Deep analyze references ⚠️: Extract specific, concrete elements
The skill writes generated output files and reference files to directories determined by user preferences. Without proper sanitization of user-controlled directory names, this could allow path traversal to write files to arbitrary locations.
Output directory per default_output_dir preference: same-dir: {article-dir}/
The skill accepts multiple file paths for reference images (`--ref <files...>`). If these paths are not properly sanitized, an attacker could use path traversal to instruct the agent to read arbitrary files from the file system.
--ref <files...> option, Save reference images (if provided)
The skill can invoke other 'image generation skills' and pass a prompt file to them. An attacker influencing the choice of downstream skill or manipulating the prompt file could trigger unintended actions from those invoked skills.
Check image generation skills; if multiple, ask preference, Generate: Call skill with prompt file, output path, aspect ratio
The skill relies on `EXTEND.md` for 'Custom configurations' with a defined 'Schema'. If this schema allows for dynamic execution, script injection, or defining external resources, it could become a vector for supply chain attacks or command injection.
Custom configurations via EXTEND.md, Schema: [references/config/preferences-schema.md]
The `--quick` option allows skipping user confirmation, reducing human oversight. Additionally, a 'CRITICAL' blocking setup step for `EXTEND.md` could proceed autonomously without explicit user approval for sensitive operations.
--quick | Skip confirmation, use auto-selection, CRITICAL: If not found, complete setup BEFORE any other steps or questions.
The skill claims to 'generate' cover images but acts as an orchestrator, delegating the actual image generation to an unspecified external skill or model. It does not explicitly state which specific tool or API it calls for image generation, nor any associated URLs, which is a significant omission for understanding its full operational scope and potential external data interactions.
Workflow Step 4: 'Check image generation skills; if multiple, ask preference', 'Process references from prompt frontmatter: direct usage → pass via --ref (use ref-capable backend)', 'Generate: Call skill with prompt file, output path, aspect ratio'.
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.