blog-audit
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses globbing to identify blog files across the project and writes a report to the filesystem (
blog-audit-report.md). These actions are standard for a site audit tool and do not involve shell injection or dangerous system commands.- [PROMPT_INJECTION]: No prompt injection attempts, safety overrides, or system prompt extraction techniques were identified in the instructions.- [DATA_EXFILTRATION]: No network-enabled tools or external URLs are present in the skill. The analysis and reporting are performed locally without data transmission to external domains.- [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts or packages. It relies on internal subagents via a Task tool for processing, which is a standard platform feature.- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (blog posts) which presents a standard attack surface. However, the risk is minimal as the skill's capabilities are limited to analysis and local file reporting. There are no high-privilege operations or network actions that could be triggered by malicious content in the processed files.
Audit Metadata