publish-x-article
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied Markdown content which can serve as a vector for indirect prompt injection.
- Ingestion points: Markdown files read from local paths or URLs via bash commands and script processing.
- Boundary markers: No delimiters or instructions to ignore embedded agent commands are applied to the processed article content.
- Capability inventory: Extensive browser automation (navigation, clicking, typing), local script execution, file system access, and system clipboard operations.
- Sanitization: Uses regex-based conversion in
scripts/parse_markdown.pywhich lacks robust sanitization to prevent the execution of embedded instructional text intended to influence the agent.
Audit Metadata