skills/zura1555/agents/blog-analytics/Gen Agent Trust Hub

blog-analytics

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The import command in tools/TrackPerformance.ts allows the agent to read arbitrary files from the local filesystem. By providing a path as an argument to importMetrics, the script performs a readFileSync without validating that the path is within the intended workspace.
  • Dynamic Execution (MEDIUM): The month parameter used in the log and list commands of tools/TrackPerformance.ts is vulnerable to path traversal. The script uses this input in path.join and mkdirSync without sanitization, which could allow the creation of directories or writing of files outside the designated analytics directory.
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Metric data is ingested via CLI arguments (log command) and external JSON files (import command).
      • Boundary markers: None are present to distinguish between data and instructions.
      • Capability inventory: The script has full read/write access to the local filesystem within the agent's permission scope.
      • Sanitization: Input strings such as blog titles, topics, and metric data are processed without sanitization or escaping, potentially allowing malicious data to influence agent behavior during insight generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:44 PM