blog-schema
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from blog posts to generate structured schema. Markup or text within the blog post (especially in the FAQ or description sections) could contain hidden instructions designed to manipulate the agent's behavior during the generation process.
- Ingestion points: The skill reads content from blog post files in Step 1 to extract titles, author information, descriptions, and FAQ pairs.
- Boundary markers: No explicit boundary markers or delimiters are used to wrap the ingested content, and there are no instructions to the agent to ignore potential commands embedded in the source text.
- Capability inventory: The skill has access to file system tools including Read, Write, Grep, and Glob, which could be exploited to read or overwrite other files if an injection is successful.
- Sanitization: There is no evidence of text sanitization or filtering of the extracted content before it is processed for schema generation.
Audit Metadata