blog-write

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution to verify image URLs.
      • Evidence: In Phase 2, the skill uses curl -sI "<url>" | head -1 to check for HTTP 200 responses.
      • Risk: The <url> variable is populated from external search results (Pixabay, Unsplash, Pexels). If a search result provides a maliciously crafted URL containing shell metacharacters, it could lead to arbitrary command execution on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external services to retrieve media assets.
      • Evidence: The workflow fetches image data from well-known services including Pixabay, Unsplash, and Pexels. These are recognized as legitimate sources for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external data.
      • Ingestion points: Phase 2 retrieves data from web searches and external image hosting platforms.
      • Boundary markers: No delimiters or specific instructions are provided to the agent to ignore instructions embedded in the external content.
      • Capability inventory: The skill can execute shell commands (curl), spawn sub-agents (blog-researcher), and write files to the local system.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from external sources before it is used in shell commands or interpolated into the article generation prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 01:29 AM