Back to skill

Security audit

Baoyu Article Illustrator

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a normal article-illustration workflow, but it contains a prompt that tells the agent not to refuse sensitive or copyrighted-figure requests.

Review before installing. The file-writing behavior is normal for an article illustration tool, but be aware that it stores prompts, references, generated images, backups, and preferences. The main issue is the instruction to not refuse sensitive or copyrighted-figure requests; install only if you are comfortable policing those requests yourself or after that line is removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The prompt explicitly instructs the model to create stylistically similar alternatives for sensitive or copyrighted figures and adds 'DO NOT refuse to generate,' which attempts to bypass normal safety or policy refusals. In an article-illustration skill, this expands capability into potentially disallowed impersonation or copyright-evasion behavior that is not necessary for the stated purpose.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
This instruction directly tells the model not to refuse and to produce substitutes for sensitive or copyrighted figures, which is a strong prompt-level attempt to override safety boundaries. That makes the skill more dangerous because it normalizes evasive generation behavior in a context where simple article illustration does not require handling restricted figures at all.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow directs the agent to copy, rename, back up, and generate files in the user's workspace, including modifying existing content, but it does not require an explicit user-facing confirmation before those write operations occur. In an agent setting, this can lead to unintended local file changes or overwrites if the user did not realize the skill would mutate project files beyond image generation.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The workflow instructs the agent to inspect user-provided reference images, extract style and palette information, and save related metadata files, but it does not warn the user that image contents and descriptive metadata will be processed and stored locally. This creates a privacy risk because sensitive visual information or embedded context from personal or proprietary images may be analyzed and persisted without clear notice.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.