em-marketing-content
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill creates a significant attack surface for indirect prompt injection by combining data ingestion with authenticated write capabilities.\n
- Ingestion points: Data enters the agent's context through the
--dataflag inscripts/storyblok.tsand the interactive information gathering steps described inREADME.md.\n - Boundary markers: Absent. No delimiters or isolation instructions are present to prevent the agent from interpreting embedded malicious instructions as its own goals.\n
- Capability inventory: The script performs authenticated
POSTrequests to the Storyblok Management API, enabling the agent to create or modify external web content.\n - Sanitization: Absent. No validation or sanitization of the content is performed before it is sent to the API.\n- [EXTERNAL_DOWNLOADS] (LOW): The shebang in
scripts/storyblok.tsusesnpx -y bun, which automatically downloads the Bun runtime from the npm registry if it is not present. While Bun is a standard developer tool, this behavior introduces a runtime dependency on an external package registry.
Recommendations
- AI detected serious security threats
Audit Metadata