blog
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and analyze blog content, which introduces a surface for indirect prompt injection from external sources.
  - Ingestion points: The `scripts/analyze_blog.py` script reads markdown and HTML content from the local filesystem. The `blog-researcher` agent uses WebSearch to gather data from the web.
  - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions to isolate processed content from the agent's internal reasoning.
  - Capability inventory: The agent can perform file reads, web searches, and initiate complex sub-agent workflows using the `spawn_agent` command.
  - Sanitization: There is no evidence of sanitization or filtering for embedded instructions in the ingested blog content or research data.
- [COMMAND_EXECUTION]: The skill includes a local script and utilizes agent orchestration for its core functionality.
  - Evidence: The file `scripts/analyze_blog.py` is a standalone utility for auditing content quality. The `SKILL.md` file describes an orchestration logic that involves spawning sub-agents (`explorer`, `worker`) to perform discovery and parallel tasks.
Audit Metadata