publish-blog
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local Python scripts, including
content-scorer.py,brand-voice-scorer.py,approval-manager.py, andexecution-tracker.py, which are used to validate and log the publishing process. - [DATA_EXFILTRATION]: The skill reads brand configuration and profiles from
~/.claude-marketing/brands/, which is used to ensure compliance and brand voice alignment. - [PROMPT_INJECTION]: The skill processes untrusted user-provided blog drafts and publishes them to external platforms, creating a surface for indirect prompt injection.
- Ingestion points: Blog content drafts provided by the user (SKILL.md)
- Boundary markers: None identified in the workflow instructions
- Capability inventory: Subprocess execution of Python scripts and network access via CMS MCP servers (SKILL.md)
- Sanitization: No content sanitization or instruction filtering is documented
Audit Metadata