blitz-create-script
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from an external configuration file, creating an indirect prompt injection surface.\n
- Ingestion points: Reads ICP filters and logic parameters from
gtm-brief.yamlas described inSKILL.md.\n - Boundary markers: None; the instructions do not include delimiters or warnings to treat the YAML content as untrusted.\n
- Capability inventory: The skill generates and writes executable scripts (
script.py,script.ts,script.mjs) and executes local shell scripts (scripts/detect_pm.sh,scripts/verify_sdk.sh).\n - Sanitization: No explicit sanitization or validation of the YAML data is performed before it is interpolated into generated code, which could lead to malformed or malicious script generation if the input file is compromised.\n- [COMMAND_EXECUTION]: Runs local shell scripts to determine the appropriate package manager and verify SDK installation.\n
- Evidence: Execution of
scripts/detect_pm.shandscripts/verify_sdk.shdocumented inSKILL.md.\n- [EXTERNAL_DOWNLOADS]: Installs theblitz-api-pyandblitz-api-jslibraries via standard package managers.\n - Evidence: Installation commands for
uv,pip,bun, andnpmare provided inscripts/detect_pm.sh. These packages are legitimate resources associated with the author's brand.\n- [CREDENTIALS_UNSAFE]: References theBLITZ_API_KEYbut provides robust guidance on secure handling to prevent exposure.\n - Evidence: Instructs users to use
.envfiles and update.gitignoreinreferences/error-handling.mdto ensure secrets are not committed to version control.
Audit Metadata