qiaomu-blog-publish
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions frequently utilize
curlfor interacting with the blog's REST API. These commands are used to fetch categories, upload media files, and submit the final blog post data. - [DATA_EXFILTRATION]: The skill reads local Markdown files, media attachments, and configuration files (including API tokens) to transmit them to a remote server. While this is the core functionality of a 'publish' skill, it involves the transmission of local data and credentials to a user-defined endpoint.
- [PROMPT_INJECTION]: The skill includes a feature to fetch and process content from external URLs, which introduces a surface for indirect prompt injection. Malicious content on a target webpage could potentially attempt to influence the agent's behavior during the parsing and publishing process.
- Ingestion points: Data enters the context through the URL fetching mechanism described in Step 1 of the workflow in
SKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its instructions and the content retrieved from external URLs.
- Capability inventory: The skill possesses network capabilities via
curland file-read access to the local filesystem for processing Markdown and media. - Sanitization: There is no mention of sanitization or filtering of the content retrieved from URLs before it is processed by the agent.
Audit Metadata