technical-blog-writing
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute `infsh` CLI commands, which are used for authentication, searching, image generation, and social media integration.
- [EXTERNAL_DOWNLOADS]: The skill directs users to download and install a CLI tool from a remote GitHub repository (`inference-sh/skills`). This is documented as a setup requirement and targets the platform's official source.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves external content via the `exa/search` tool to research blog topics.
  - Ingestion points: Web search results fetched via the `infsh` CLI in the research step (SKILL.md).
  - Boundary markers: No specific delimiters or instructions are used to prevent the agent from obeying instructions potentially embedded in the search results.
  - Capability inventory: The skill can execute Python code, perform network searches, generate images via HTML rendering, and post to social media (X/Twitter).
  - Sanitization: The skill does not include sanitization or filtering logic for the data retrieved from external searches before it is incorporated into the generated blog content.
- [REMOTE_CODE_EXECUTION]: The skill utilizes an `infsh/python-executor` tool to run embedded Python code for generating charts. While the example code is static and benign (using matplotlib), this pattern involves runtime execution of code that an agent might modify based on user prompts.
Audit Metadata