publish-article
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to perform file system operations (`mv`, `mkdir`) and version control tasks (`git commit`, `git push`). These instructions grant the agent the power to modify the repository and deploy changes to remote servers.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection. Static analysis identifies the following evidence chain:
  - Ingestion points: The agent processes data from article drafts located in `packages/blog/pipeline/active/NNN-slug/05-draft.md`.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore commands embedded within the draft content.
  - Capability inventory: The agent has the ability to move files and perform `git push` operations.
  - Sanitization: No sanitization or validation of the draft content is performed.
  - Risk Assessment: If an article draft contains malicious instructions, the agent may execute them using its file system and Git permissions, potentially leading to repository compromise or unauthorized site modifications.
Recommendations
- AI detected serious security threats
Audit Metadata