auto-blog-cover
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
auto_blog_cover.pyinvokes an external Python script (cover_generator.py) usingsubprocess.run. While it uses the safer list-based argument passing instead ofshell=True, it still executes external code based on paths computed at runtime. - [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) because it extracts untrusted text from markdown files and passes it to downstream tools.
- Ingestion points: Title and subtitle data are extracted from the frontmatter and content of markdown files in
auto_blog_cover.py. - Boundary markers: No delimiters or safety instructions are used when passing the extracted strings to the generation tool.
- Capability inventory: The skill possesses file-write capabilities and the ability to execute subprocesses.
- Sanitization: The script does not perform any escaping or validation on the text extracted from the markdown file before using it as a command-line argument.
Audit Metadata