blog-writer
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web during its research phase.
- Ingestion points: Research data is gathered from the 'web-search-researcher agent' as a core part of the workflow (SKILL.md).
- Boundary markers: The instructions lack requirements for delimiters or explicit warnings to ignore instructions embedded within the researched content.
- Capability inventory: The agent has 'Write' and 'Edit' permissions to the local filesystem, specifically the 'thoughts/blog/' directory (SKILL.md).
- Sanitization: No validation or sanitization of external research content is specified before it is processed by the agent.
Audit Metadata