qiaomu-blog-publish

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions frequently utilize curl for interacting with the blog's REST API. These commands are used to fetch categories, upload media files, and submit the final blog post data.
  • [DATA_EXFILTRATION]: The skill reads local Markdown files, media attachments, and configuration files (including API tokens) to transmit them to a remote server. While this is the core functionality of a 'publish' skill, it involves the transmission of local data and credentials to a user-defined endpoint.
  • [PROMPT_INJECTION]: The skill includes a feature to fetch and process content from external URLs, which introduces a surface for indirect prompt injection. Malicious content on a target webpage could potentially attempt to influence the agent's behavior during the parsing and publishing process.
  • Ingestion points: Data enters the context through the URL fetching mechanism described in Step 1 of the workflow in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its instructions and the content retrieved from external URLs.
  • Capability inventory: The skill possesses network capabilities via curl and file-read access to the local filesystem for processing Markdown and media.
  • Sanitization: There is no mention of sanitization or filtering of the content retrieved from URLs before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 12:29 PM
Security Audit — agent-trust-hub — qiaomu-blog-publish