blog-planner
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill reads user-provided reference materials, drafts, PRDs, and RFCs from local file paths during the intake phase.
- Boundary markers: There are no explicit boundary markers or instructions to ignore instructions embedded within the ingested documents.
- Capability inventory: The skill is authorized to write markdown files directly to the
website/blog/posts/directory. - Sanitization: The skill lacks mechanisms to sanitize or validate the content of ingested materials before processing them.
- [COMMAND_EXECUTION]: Local File System Write. The skill is instructed to save the generated blog post outline directly to the
website/blog/posts/directory. While this is part of its intended functionality, this write capability represents a risk if the agent's logic is subverted through malicious input in the ingested reference materials.
Audit Metadata