blog-writing-specialist
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a library of writing guidelines and templates. It does not include executable scripts, network requests, or credential handling. All instructions are focused on content generation and stylistic adherence.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted user data ('brain dumps') as its primary input. While this creates a surface for indirect prompt injection where a user could embed instructions to influence the agent's output, the skill lacks dangerous capabilities (like file system writes or network exfiltration) that would make such an injection high-risk. There are no specific boundary markers defined in the prompt to separate user data from instructions.
- [COMMAND_EXECUTION]: The skill mentions using charting libraries like matplotlib or Chart.js for visualizations. While these often require code execution via a tool (like a Python interpreter), the skill itself provides instructions to 'avoid third-party execution risks' by using self-hosted or local tools, demonstrating a security-conscious approach to diagram generation.
Audit Metadata