blog-writer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from external sources that could contain malicious instructions.
  - Ingestion points: Web search results and X.com posts (referenced in references/mode-3-search.md).
  - Boundary markers: Absent; the skill lacks instructions to use delimiters or ignore embedded commands in scraped data.
  - Capability inventory: Command execution (python3), file system access, and network requests.
  - Sanitization: No explicit validation or filtering of external content is defined.
- [COMMAND_EXECUTION]: The skill directs the agent to execute a local script ('scraper.py') via the shell, utilizing arguments like usernames and post counts provided by the user. Evidence: Command patterns documented in references/mode-3-search.md.
- [EXTERNAL_DOWNLOADS]: The skill provides guidance for installing external software, including the Playwright library and browser extensions, which are required for scraping functionality. Evidence: Prerequisites section in references/mode-3-search.md.
- [DATA_EXFILTRATION]: The skill reads sensitive authentication data (X.com cookies) from the file system at '/tmp/x_cookies_pw.json' to perform authorized web requests. Accessing raw session data in a shared environment like '/tmp' presents an exposure risk. Evidence: Cookie handling workflows in references/mode-3-search.md.