blog-draft
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify the use of Git commands to manage the blog post project. Specifically, it stages files, creates commits, and pushes changes to a remote repository (SKILL.md, Steps 5 and 7).
- [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary user-provided URLs to summarize information for the blog post (SKILL.md, Step 1).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external URLs and local files without defined boundaries or sanitization.
  - Ingestion points: Content from user-specified URLs and files is read during the research phase (SKILL.md).
  - Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore potentially malicious commands within the sourced material.
  - Capability inventory: Includes file system writing, reading, web searching, and Git command execution (commit/push).
  - Sanitization: No evidence of sanitization or content validation for fetched external data is present.
Audit Metadata