blog-post
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [DYNAMIC_CONTEXT_INJECTION]: The skill employs the
!command`` syntax in its Context section to executefindandgitcommands (e.g.,git remote -v,git branch --show-current) when the skill is loaded. These commands are used to automatically populate repository information into the agent's context and do not perform unauthorized network operations or access sensitive system files. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from
git log(commit messages) and user-supplied arguments to build blog post templates. - Ingestion points: Reads commit messages via
git logand project names viagit remote. - Boundary markers: Absent. The skill does not explicitly warn the model to ignore instructions found within git history.
- Capability inventory: The skill is limited to reading/writing files and executing specific, constrained bash commands (
hugo,date). - Sanitization: No specific sanitization or escaping of git output is performed before it is presented to the agent.
Audit Metadata