blog-geo
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes an external Python script located at skills/blog-google/scripts/run.py to query Google Search Console data using arguments like the property name and URL filtered from the content.
- [PROMPT_INJECTION]: The skill processes untrusted blog content which creates an attack surface for indirect prompt injection. 1. Ingestion points: Full content text, headings, and metadata are extracted in Step 1. 2. Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands in the blog post. 3. Capability inventory: The agent generates reports and has the ability to execute a local Python script. 4. Sanitization: There is no evidence of sanitization or validation of the ingested content before it is processed.
Audit Metadata