blog-rewrite

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes external blog posts (MDX, HTML, Markdown) which may contain malicious instructions meant to hijack the agent's behavior.
    • Ingestion points: The skill uses the Read tool to ingest existing blog content from the file system.
    • Boundary markers: There are no specified delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions used when the agent processes the blog content for rewriting.
    • Capability inventory: The skill has access to high-privilege tools including Bash, Write, Edit, and Task, which could be exploited if an injection is successful.
    • Sanitization: No sanitization or validation of the input text is described before it is passed to the rewriting phase.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform operations such as grepping through directories for keyword cannibalization checks. While used for legitimate functionality, the execution of shell commands based on file system metadata and content increases the attack surface if directory structures or filenames are manipulated.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch external resources.
    • It uses WebSearch and WebFetch to find and verify images from well-known services like Pixabay and Unsplash.
    • It fetches statistics and data from 'tier 1-3 sources' for factual verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 11:10 PM