create-blog-post

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands and explicitly instructs the user to run 'sudo apt-get install -y webp' to install dependencies. The use of sudo to acquire root privileges is a significant privilege escalation risk. Additionally, the skill executes the 'cwebp' command to perform image conversions.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted markdown files provided by the user and uses the extracted data to perform file writes and command executions.
    • Ingestion points: Reads draft markdown files from the 'create-blog-post/' directory.
    • Boundary markers: None; the skill does not use delimiters or instructions to the agent to ignore instructions embedded within the draft markdown.
    • Capability inventory: The skill writes new markdown files to 'source/_posts/' and executes the 'cwebp' shell command.
    • Sanitization: There is no logic mentioned for sanitizing the blog title, slug, or content before they are used in filesystem paths, HTML generation, or shell command arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 03:01 PM