create-blog-post

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill performs a git clone from https://github.com/jim60105/blog.git. This repository is not on the trusted sources list, making the download a risk.
  • REMOTE_CODE_EXECUTION (HIGH): Following the repository clone, the skill executes ./switch-site.sh. Since the contents of this script are fetched from an external untrusted repository, this constitutes a remote code execution vector if the source repository is malicious or compromised.
  • COMMAND_EXECUTION (MEDIUM): The skill makes extensive use of system commands including git and gh (GitHub CLI). It performs operations such as git push and gh pr create, which require active credentials and can modify the state of remote repositories.
  • PROMPT_INJECTION (LOW): The skill is instructed to read guidelines from .github/instructions/quill-sage.instructions.md and AGENTS.md within the cloned repository. These files represent an attack surface for indirect prompt injection that could alter the agent's behavior.
  • Ingestion points: AGENTS.md, .github/instructions/quill-sage.instructions.md inside the cloned repo.
  • Boundary markers: None specified for the read operations.
  • Capability inventory: Shell execution (./switch-site.sh), Git operations, GitHub PR creation.
  • Sanitization: No sanitization or validation of the fetched instructions is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 22, 2026, 08:53 PM