Skills
skills/alberduris/skills/beehiiv/Gen Agent Trust Hub

beehiiv

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The draft command provides a --content-file argument that allows the skill to read the contents of a local file and transmit them to the Beehiiv API at api.beehiiv.com. While this is the intended functionality for creating drafts from Markdown or HTML files, it could be leveraged to expose sensitive local information if an attacker influences the file path provided to the tool.
  • [PROMPT_INJECTION]: The skill retrieves post content from the external Beehiiv API and presents it to the agent, creating a potential surface for indirect prompt injection if the retrieved content contains malicious instructions.
  • Ingestion points: External data enters the agent's context through the get command, which retrieves the full HTML body of posts from https://api.beehiiv.com/v2.
  • Boundary markers: The skill does not employ specific delimiters or instruction-ignore warnings when presenting retrieved content to the agent.
  • Capability inventory: The skill environment allows for shell command execution (via node, npm), file system reading, and network access to Beehiiv's infrastructure.
  • Sanitization: No validation or sanitization of the retrieved HTML content is performed before it is output to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and package.json involve downloading dependencies such as marked from the official npm registry during the setup process.
  • [COMMAND_EXECUTION]: The setup workflow described in SKILL.md requires the execution of npm install and npm run build (which runs the TypeScript compiler) to initialize the skill and its dependencies.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 04:24 PM