blog-schema
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it ingests and processes untrusted external content to generate JSON-LD schema.
- Ingestion points: The workflow reads headline, author details, social links, and FAQ content from blog posts (Step 1).
- Boundary markers: Absent. There are no explicit instructions for the agent to treat the source text as data-only or to ignore embedded instructions.
- Capability inventory: The skill creates structured data output for user consumption. It does not perform direct network operations or file writes itself.
- Sanitization: While the skill includes validation for character lengths and URL structures (Step 8), it lacks sanitization logic to detect or neutralize malicious instructions embedded in the source blog content.
Audit Metadata