ghost-webhooks

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill describes methods for processing untrusted external data via Ghost CMS webhooks.
      * Ingestion points: Webhook receiver implementation examples in SKILL.md.
      * Boundary markers: Absent; instructions do not suggest delimiters for external content.
      * Capability inventory: The skill demonstrates network access (fetch) and administrative write access to CMS content (api.posts.add).
      * Sanitization: Code examples do not include validation or sanitization of incoming webhook payloads.
  • [EXTERNAL_DOWNLOADS]: Documents installation of official libraries from Ghost Foundation (@tryghost/admin-api, @tryghost/content-api, @tryghost/helpers, @tryghost/string) and other standard packages (express, gatsby-source-ghost).
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 11, 2026, 11:52 AM