ghost-blog
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by managing sensitive Admin API keys through environment variables and a .env file, rather than hardcoding credentials.
- [SAFE]: Authentication uses a standard JWT implementation built on the reputable PyJWT library; JWT is the required method for the Ghost Admin API.
- [SAFE]: The skill includes safety mechanisms for destructive or large-scale operations, such as mandatory confirmation flags for deletions and a preview-only mode by default for bulk post updates.
- [SAFE]: All identified dependencies (requests, PyJWT, python-dotenv, markdown) are well-known, established packages from the official Python Package Index (PyPI).
- [SAFE]: The scripts perform standard administrative tasks (listing, creating, updating, and deleting blog content) consistent with the skill's stated purpose, with no evidence of unauthorized data access or exfiltration.
Audit Metadata