publish-blog
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Python scripts (content-scorer.py, brand-voice-scorer.py, approval-manager.py, and execution-tracker.py) during the publishing workflow. As these scripts are not included in the skill package, their contents cannot be verified for safety.
- [DATA_EXFILTRATION]: The instructions require reading from the user's home directory (e.g., ~/.claude-marketing/brands/). This pattern of accessing application-specific configuration files outside the project scope can lead to the exposure of sensitive brand profiles or local settings.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted "Blog content" drafts that could contain malicious instructions.
- Ingestion points: User-provided blog drafts (SKILL.md).
- Boundary markers: No explicit delimiters or security warnings are used to separate the untrusted draft content from the agent's instructions.
- Capability inventory: The skill has the ability to execute local scripts and interact with external CMS platforms via MCP servers.
- Sanitization: The process includes quality and brand voice scoring, but lacks security-focused sanitization to prevent the agent from executing instructions embedded within the draft content.
Audit Metadata