blog-post
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill directs the agent to read sensitive data from a hardcoded absolute path at /Users/pcstyle/.env.blog. Accessing specific user environment files for credentials is a dangerous practice that can lead to credential exposure and exfiltration when combined with the skill's network capabilities.
- [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface for indirect prompt injection. It ingests untrusted user data for blog posts and interpolates it directly into shell-based curl commands without any sanitization or boundary markers.
  - Ingestion points: User-provided blog content, titles, and summaries (SKILL.md).
  - Boundary markers: None. There are no instructions for the agent to escape or validate the input.
  - Capability inventory: Subprocess execution of curl to external domains (SKILL.md, references/blog-api.md).
  - Sanitization: None. User input is placed directly into bash command strings, allowing for arbitrary command execution via shell metacharacters like backticks or dollar-sign parentheses.
- [Command Execution] (MEDIUM): The skill relies on raw shell command templates for its core functionality. This increases the risk that an agent will execute malformed or malicious commands if the input data contains unexpected characters.
Recommendations
- AI detected serious security threats
Audit Metadata