blog-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill workflow includes researching topics using a web-search-researcher agent. Content retrieved from external websites could contain adversarial instructions designed to influence the blog post output.
    • Ingestion points: External data enters via the web-search-researcher agent during the research step (SKILL.md).
    • Boundary markers: Absent; there are no specific delimiters or instructions to the agent to ignore directives within search results.
    • Capability inventory: The skill uses Read, Grep, Glob, Write, and Edit tools, allowing it to modify the local file system (SKILL.md).
    • Sanitization: Absent; the skill relies on the LLM's base safety and a manual checklist rather than technical sanitization.
  • [Data Exposure & Exfiltration] (SAFE): The skill uses file tools (Read, Write, Edit) for drafting posts within the 'thoughts/' directory. No unauthorized access to sensitive system files or evidence of data exfiltration was detected.
  • [Remote Code Execution] (SAFE): No external dependencies, remote script downloads, or dynamic execution patterns were identified in the skill files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:18 PM