blog-analyze

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data using powerful system tools without proper isolation.
      • Ingestion points: Local files accessed via the Read tool and remote content retrieved via WebFetch.
      • Boundary markers: None. The skill does not instruct the agent to distinguish between blog content and potential embedded instructions.
      • Capability inventory: Significant capabilities including Bash, Write, Grep, Glob, and WebFetch.
      • Sanitization: No mechanisms are described for validating or sanitizing input data.
  • [COMMAND_EXECUTION]: The inclusion of the Bash tool creates a risk of arbitrary command execution if the agent is tricked by instructions found in the audited blog posts.
  • [EXTERNAL_DOWNLOADS]: The WebFetch tool allows the agent to ingest content from arbitrary external URLs, which serves as a primary vector for the delivery of malicious prompt injection payloads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 11:10 PM