blog-post
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands including git, gh, and zola to manage the repository, commit changes, and submit pull requests. It also executes a shell script (switch-site.sh) located within the cloned repository to configure the site environment.
- [EXTERNAL_DOWNLOADS]: The skill clones the repository 'https://github.com/jim60105/blog.git' and initializes submodules. This repository belongs to the skill author and is necessary for the blog publishing workflow.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes user-provided content and follows instructions from files (quill-sage.instructions.md) within the cloned repository while possessing write access to GitHub repositories.
  - Ingestion points: User-provided blog topics/content and instruction files within the git repository.
  - Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted data.
  - Capability inventory: Git commit, git push, and GitHub pull request creation via the 'gh' CLI.
  - Sanitization: Absent; the skill lacks mechanisms to sanitize user content before it is committed to the repository.