blog
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from local files (existing blog posts) and web search results.
- Ingestion points: Commands like
/blog analyzeand/blog rewriteingest content from local files or URLs. - Boundary markers: The orchestration logic does not explicitly use delimiters or instructions to ignore embedded prompts within processed content.
- Capability inventory: The workflow involves multiple agents (researcher, writer, seo, reviewer) with capabilities including file system writes, web search, and Google API interactions.
- Sanitization: There is no mention of sanitizing or escaping the content retrieved from external sources before it is processed by the writing agent.
- [COMMAND_EXECUTION]: The skill documentation provides examples of shell commands (e.g., using
curlfor bot simulation) to assist users in verifying technical SEO. These are provided as informative examples for manual execution. - [EXTERNAL_DOWNLOADS]: The skill references numerous external resources for documentation, image sourcing (Pixabay, Unsplash, Pexels), and community engagement. All sources are well-known services or author-managed platforms, and these references are documented neutrally.
Audit Metadata