blog-taxonomy
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection because it processes untrusted data which then influences downstream actions.
  - Ingestion points: The skill ingests data from local files through the suggest command and from remote CMS endpoints during sync and audit operations.
  - Boundary markers: The instructions lack defined delimiters or specific 'ignore embedded instructions' directives to isolate processed content from the agent's control flow.
  - Capability inventory: The skill possesses network capabilities to interact with multiple CMS platforms (WordPress, Shopify, Ghost, Strapi, Sanity), providing an exploitable channel if injected instructions are followed.
  - Sanitization: No validation or sanitization logic is provided to ensure that input content does not contain malicious patterns or instructions.