Skills
skills/rankearly/rankearly-skills/blog-image/Gen Agent Trust Hub

blog-image

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a prompt-engineering tool that does not invoke external commands, access sensitive system files, or make network requests. All referenced assets are local markdown files within the skill's directory.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests user-supplied content to generate structured prompts. However, the risk is negligible as it lacks executable capabilities.
  • Ingestion points: User-provided blog titles and topic descriptions are used in SKILL.md (Step 1 and Step 3).
  • Boundary markers: None identified. The user input is interpolated directly into the image prompt template.
  • Capability inventory: No capabilities for subprocess calls, file-writing, or network operations were found in any of the skill files.
  • Sanitization: There is no evidence of sanitization or filtering of user-supplied text before it is placed into the prompt output.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 01:14 AM