blog-taxonomy
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves analyzing content from local files using the Bash tool. There is a risk of command injection if the agent uses shell commands to process file content or paths without adequate sanitization.\n- [DATA_EXFILTRATION]: The skill uses sensitive credentials (CMS_API_KEY) and transmits them via network requests to a dynamic CMS_URL. If an attacker can influence the destination URL or if the agent is misdirected, these credentials could be exposed.\n- [PROMPT_INJECTION]: The skill processes untrusted blog post data (headings, text, frontmatter) to generate suggestions, creating an attack surface for indirect prompt injection.\n
- Ingestion points: Local blog files and CMS data accessed via Read, Grep, and WebFetch (SKILL.md).\n
- Boundary markers: Absent; no instructions provided to distinguish between content and instructions.\n
- Capability inventory: Access to Bash (shell) and WebFetch (network) for sync and analysis tasks.\n
- Sanitization: Absent; no logic described to validate or escape extracted content before further use.
Audit Metadata