hn-title
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown text, instructions, and examples. It does not include any Python scripts, Node.js modules, or system commands.\n- [SAFE]: No security threats such as credential theft, remote code execution, or persistence mechanisms were detected. The skill's logic is confined to text processing and analysis.\n- [PROMPT_INJECTION]: The skill involves processing untrusted user data, specifically blog titles or links, which presents a surface for indirect prompt injection. However, since the skill has no defined capabilities or tools, there is no impact.\n
- Ingestion points: User-provided titles and content descriptions ingested in 'Phase 1: Analyze Context'.\n
- Boundary markers: None identified; user input is processed directly.\n
- Capability inventory: None; the skill lacks subprocess execution, file writing, or network operations.\n
- Sanitization: None identified; input data is not filtered or escaped before processing.
Audit Metadata