pre-publish-post-assistant
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to read local files provided via user input (e.g., "Classify this post: /path/to/draft.md"). Without explicit path validation or a restricted workspace, this capability could be exploited to read sensitive system files or credentials if the user provides a malicious path.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and analyzes untrusted data from files and remote URLs.
  - Ingestion points: Workflow step 1 and the 'Input Formats' section indicate the skill reads content from local paths and remote URLs.
  - Boundary markers: Absent. The instructions do not specify delimiters to separate untrusted content from the agent's instructions.
  - Capability inventory: The skill has the capability to read local files and make network requests (GraphQL/URL fetch).
  - Sanitization: Absent. No escaping or validation of external content is mentioned.
Audit Metadata