publish-blog
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow depends on the execution of multiple external Python scripts, specifically content-scorer.py, brand-voice-scorer.py, approval-manager.py, and execution-tracker.py. These scripts are run at various stages of the publishing process to perform analysis and logging.
- [DATA_EXFILTRATION]: The skill accesses potentially sensitive business data by reading from the ~/.claude-marketing/ directory. This includes active brand slugs, brand profiles, compliance rules, and agency SOPs. This data exposure is a risk if the agent is misled into sharing these files externally.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of untrusted blog content.
  - Ingestion points: The skill accepts a 'Blog draft' and 'Featured image description' as input.
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the draft content.
  - Capability inventory: The skill possesses the ability to execute local scripts (command execution), read sensitive local configuration files, and send data to external CMS APIs (WordPress and Webflow).
  - Sanitization: The process does not specify any sanitization or validation logic for the input text before it is analyzed by scripts or published to the web.
Audit Metadata