Skills
skills/peterbamuhigire/skills-web-dev/blog-idea-generator/Gen Agent Trust Hub

blog-idea-generator

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from multiple project files to generate content.
  • Ingestion points: The skill reads project documentation in SKILL.md including docs/en/company-profile.md, docs/en/services.md, docs/en/pages.md, docs/sector-brief.md, docs/style-brief.md, docs/blogs/topics.md, and src/pages/en/blog/.
  • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested files specified in SKILL.md, increasing the risk of the agent following malicious instructions found in documentation.
  • Capability inventory: The skill possesses file-write capabilities as defined in SKILL.md (Step 7), specifically writing to docs/blogs/topics.md.
  • Sanitization: No sanitization, escaping, or validation of the external content is performed before interpolation into the generation prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 07:34 AM