ai-blog-writer
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Indirect Prompt Injection (INFO): The skill processes user-provided topics and blog content through local utility scripts.\n
- Ingestion points: Untrusted data enters the agent context via
scripts/generate_outline.py(CLI arguments) andscripts/seo_check.py(file reading).\n - Boundary markers: Absent; the scripts do not use explicit delimiters or instructions to ignore embedded commands in the user-provided strings.\n
- Capability inventory: All scripts are limited to string manipulation and printing to the console; no network access, file-writing, or dynamic code execution occurs.\n
- Sanitization: Absent; however, since the scripts only produce text for the agent to review and do not trigger side-effecting tools, the risk is negligible.\n- Data Exposure (LOW): The
scripts/seo_check.pyutility can read any file the agent has access to via the provided CLI path argument. While no exfiltration mechanism is present, it provides a surface for reading local files if the agent's file system access is not restricted.
Audit Metadata