The skill is vulnerable to path traversal, command
Claims to do
Xiaohongshu Image Card Series Generator: Break down complex content into eye-catching Xiaohongshu image card series with multiple style options.
Actually does
This skill orchestrates the creation of Xiaohongshu image card series. It analyzes user-provided content, loads user preferences from `EXTEND.md`, generates content outlines and image prompts based on selected styles and layouts, and manages the workflow for an external image generation skill, including ensuring visual consistency via reference images and applying watermarks. It creates a structured directory for all generated artifacts.
The skill constructs file paths and names using dynamically generated slugs from user content. Insufficient sanitization of these inputs could lead to command injection or path traversal vulnerabilities when performing file system operations or executing shell commands.
Slug Generation: Extract main topic from content (2-4 words, kebab-case)
xhs-images/{topic-slug}/
test -f .baoyu-skills/baoyu-xhs-images/EXTEND.md
Save source content
Save prompt to prompts/NN-{type}-[slug].md
The skill constructs prompts for an external image generation skill, incorporating dynamic and potentially user-controlled elements like watermarks. This creates a vector for an attacker to inject malicious instructions into the downstream image generation process.
Add to each image generation prompt: Include a subtle watermark "[content]" positioned at [position].
Image Generation Skill Selection
The skill uses `EXTEND.md` to store user preferences and custom configurations, checking for its existence in various user and project directories. If an attacker can write to this file, they could persistently alter the skill's behavior or inject malicious configurations that are loaded on subsequent runs.
EXTEND.md Supports: Watermark | Preferred style/layout | Custom style definitions | Language preference
Save EXTEND.md
test -f .baoyu-skills/baoyu-xhs-images/EXTEND.md
The skill performs extensive file system operations, including creating directories, saving source content, analysis, outlines, prompts, and generated images. While necessary for its function, this broad access, especially with dynamic naming, increases the attack surface for unauthorized file manipulation or data exfiltration if combined with other vulnerabilities.
xhs-images/{topic-slug}/
source-{slug}.{ext}
analysis.md
outline.md
prompts/
Remove files
The `--yes` flag allows the skill to bypass all user confirmations and proceed with automated actions based on defaults or auto-recommendations. This removes a critical human-in-the-loop security control, increasing the risk of unintended or malicious actions if the skill is invoked with compromised inputs.
`--yes` | Non-interactive mode: skip all confirmations.
`--yes` mode: Skip this entire step. No AskUserQuestion calls.
The skill's description implies it directly generates images, but the detailed workflow indicates it acts as an orchestrator, preparing prompts and managing the process for an *external* image generation skill.
The 'Image Generation Skill Selection' section states: 'Check available image generation skills', implying it relies on another skill for the actual image generation.