autoblogwriter-cli
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The README.md file provides installation instructions that involve piping a script from 'https://skills.sh/install' directly to bash. This practice enables arbitrary remote code execution from an unverified source.
- [EXTERNAL_DOWNLOADS]: The skill directs the download of installation scripts and skill configuration from the untrusted domain 'skills.sh'.
- [COMMAND_EXECUTION]: The skill is built around executing multiple autoblogwriter CLI commands, which allows the agent to perform actions such as generating ideas, creating posts, and running workflows on the host system.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection:
  1. Ingestion points: The skill processes external content from payload.json, workflow.json, and user-supplied --inline JSON strings.
  2. Boundary markers: There are no explicit markers or delimiters to isolate untrusted data from instructions.
  3. Capability inventory: The agent can execute mutating CLI commands, including publishing posts and starting run workflows.
  4. Sanitization: No sanitization or input validation is specified for data used within CLI command arguments.
Recommendations
- HIGH: Downloads and executes remote code from: https://skills.sh/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata