ghost-blog
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate blog management functionality (CRUD operations on posts and tags) using official Ghost Admin API endpoints. All network traffic is directed to the user-configured GHOST_URL over HTTPS.
- [EXTERNAL_DOWNLOADS]: The skill specifies standard and well-known Python dependencies in its requirements.txt file, including requests, PyJWT, python-dotenv, and markdown. These are sourced from official registries and are appropriate for the intended use.
- [CREDENTIALS_UNSAFE]: The skill avoids hardcoding credentials, instead loading the GHOST_ADMIN_KEY from environment variables. It also includes a dedicated masking function (mask_api_key) to protect secrets from being accidentally logged or displayed in the console.
- [PROMPT_INJECTION]: The skill possesses a surface area for indirect prompt injection as it retrieves and processes blog post content. However, this is expected behavior for a CMS management tool. Evidence: Ingestion points: posts_crud.py (GET) and posts_browse.py; Boundary markers: Absent; Capability inventory: Bash, Read, Write, and Edit tools (SKILL.md) and network requests (ghost_core.py); Sanitization: Absent.
Audit Metadata