blog-writer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the user and uses it to generate content published to Notion.
  1. Ingestion points: Phase 1 'Gather Information' in SKILL.md requests research materials, links, or notes from the user.
  2. Boundary markers: Absent in SKILL.md; the skill does not instruct the agent to ignore or delimit instructions within the research material.
  3. Capability inventory: The skill can perform network operations via the Notion API and filesystem operations via the manage_examples.py script.
  4. Sanitization: Absent; no explicit sanitization or validation of the ingested content is defined.
- [COMMAND_EXECUTION]: The skill includes manage_examples.py, a Python script that manages the local filesystem by deleting files in the references/blog-examples/ directory. This script is intended to prune the library when it exceeds 20 examples, representing a capability for file deletion within the skill's environment.
Audit Metadata