blog-writer
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted article proposals, creating a surface for indirect prompt injection.
  - Ingestion points: Processes article proposals from the blog-planner skill and reads project metadata from develop/blog/posts/spec.yaml.
  - Boundary markers: Employs XML-style tags (e.g., <tag_selection_criteria>, <template_selection>) to separate processing logic from input data.
  - Capability inventory: Utilizes Read, Write, and Edit tools to create and modify blog posts in the local filesystem.
  - Sanitization: No explicit content validation or sanitization is performed on incoming proposals before they are used to generate markdown files.
- [NO_CODE]: The skill consists entirely of markdown-based prompts and documentation with no inclusion of executable scripts or binary files, which minimizes traditional software vulnerability risks.
- [SAFE]: No evidence of hardcoded credentials, unauthorized data exfiltration, or suspicious network activity was identified in the analysis of the skill's prompts and templates.