fix-blog-images

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted markdown content.
      • Ingestion points: The script reads content from all uncommitted .md files in the configured content directory (e.g., extract_image_references in scripts/fix_blog_images.py).
      • Boundary markers: No explicit delimiters or instructions are used to separate user-provided markdown content from the agent's instructions, potentially allowing embedded text to influence the agent.
      • Capability inventory: The script performs file system existence checks (os.path.exists) and executes git status. The SKILL.md instructions then lead the agent to perform file moves and edits based on this data.
      • Sanitization: No sanitization or escaping is performed on the extracted image paths or alt text before they are interpolated into the agent's workflow.
  • [COMMAND_EXECUTION] (SAFE): The script executes git status using subprocess.run with a hardcoded list of arguments. This is a standard and safe operation for identifying local changes and does not involve user-controlled input in the command execution path.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM