opened-weekly-newsletter-writer
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's HubSpot publishing workflow requires reading the `HUBSPOT_API_KEY` from a sensitive configuration file located at `OpenEd Vault/.env`. Accessing environment files within the agent's workspace is a high-risk pattern that can lead to credential exposure if the agent is compromised or manipulated via prompt injection.
- [COMMAND_EXECUTION]: The workflow involves executing a local Python script, `push_to_hubspot.py`, to process markdown and interact with the HubSpot API. While this script is described as part of the intended functionality, the execution of local scripts is a powerful capability that requires monitoring.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core workflow of ingesting and synthesizing external, untrusted data from multiple sources.
  - Ingestion points: The skill processes raw content, podcast transcriptions, and external articles in Phase 1 to populate the `Source_Material.md` file.
  - Boundary markers: The instructions lack explicit delimiters or "ignore embedded instructions" directives to prevent the model from following malicious commands that might be hidden in the source materials.
  - Capability inventory: The skill uses a local script to perform network operations and publish content to the HubSpot API.
  - Sanitization: There is no specified validation or sanitization process for the ingested data before it is transformed into newsletter content or pushed to external services.
Audit Metadata