journal-to-post
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input from text or files to generate social media content but fails to implement boundary markers or instructions to ignore embedded commands. This creates an attack surface for indirect prompt injection. ● Ingestion points:
SKILL.md(via the command argument) ● Boundary markers: Absent ● Capability inventory:SKILL.md(text generation and transformation) ● Sanitization: Absent. - [DATA_EXFILTRATION]: The command
/journal-to-postallows for a file path to be provided as an input source. This functionality could be exploited to read sensitive system or configuration files if the underlying agent does not enforce strict sandboxing or path validation.
Audit Metadata