blurb-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines workflows for building and testing the monorepo using tools like
bun,wrangler, andvitest. This is standard for a platform engineering assistant.- [DATA_EXFILTRATION]: Instructions include retrieving administrative tokens from Infisical and using them to update live content on theblurb.mdproduction environment via API calls. These operations are aligned with the skill's stated purpose for platform maintenance and use the vendor's own infrastructure.- [PROMPT_INJECTION]: The skill processes project-specific data and source code within the workspace, creating an indirect prompt injection surface. - Ingestion points: Project files and live content edited via API (e.g.,
README.md). - Boundary markers: The instructions do not define specific delimiters for separating code from data during processing.
- Capability inventory: High-privilege CLI tools (
infisical,wrangler,bun) and network access (curl). - Sanitization: No specific input sanitization procedures are outlined for processing workspace content.
Audit Metadata