blog-writer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted user input (titles, slugs, and categories) to generate file paths and to update the site configuration file (_config.yml). Ingestion points: user interaction for blog metadata, as defined in SKILL.md. Boundary markers: absent; user input is interpolated directly into templates. Capability inventory: writing to the local filesystem (src/content/blog/) and modifying YAML configuration. Sanitization: absent; the skill defines no rules to validate or escape characters in the generated slugs or categories, so a malicious user could potentially overwrite files or inject malicious YAML keys into the site configuration.
  • [Command Execution] (LOW): The skill instructs the agent to execute shell commands such as 'pnpm dev' and 'pnpm lint:fix'. While standard for development, these instructions are issued without verifying the integrity of the project environment, which may already have been altered through the injection vector above.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:48 PM