blog-post

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains logic for the agent to execute a local shell file using the source command (source .env.local). This allows for the execution of arbitrary commands if the target file is manipulated or contains untrusted input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to retrieve and process external content from an API without specific sanitization or boundary markers.
  • Ingestion points: Content is retrieved from endpoints like GET /api/v2/blog-posts/{blog_post_id} and GET /api/v2/blog-posts/{id}/generation/{ai_edit_id}.
  • Boundary markers: The instructions do not define delimiters or warnings to ignore instructions embedded within the retrieved blog content.
  • Capability inventory: The skill uses curl for network operations and source for command execution.
  • Sanitization: There are no instructions for the agent to validate or sanitize external data before processing it as part of the blog management workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 04:04 PM