blink-cms
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by the platform vendor (blink-new) and provides legitimate administrative tools for content management on their official domain (blink.new).
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection due to its primary function of reading external content.
  - Ingestion points: Untrusted content is ingested from the CMS through the `cms_read_file` tool mentioned in `SKILL.md`.
  - Boundary markers: The instructions lack delimiters or safety markers to differentiate between data and instructions when reading MDX files.
  - Capability inventory: The agent has significant capabilities including writing files (`cms_write_file`), performing search-and-replace edits (`cms_search_replace`), and publishing content (`cms_publish`).
  - Sanitization: There is no evidence of content sanitization or instruction filtering for retrieved data.
Audit Metadata