mizchi-blog-style

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a subagent dispatch mechanism that processes external article files (the template placeholder <記事ファイルのパス>, i.e. the article file path). This creates an attack surface for indirect prompt injection if the processed content contains adversarial instructions. The dispatch template has no explicit boundary markers or sanitization steps to prevent the subagent from obeying instructions embedded in the articles.
    ◦ Ingestion points: The article content is ingested into the subagent via the path provided in the template in SKILL.md.
    ◦ Boundary markers: Absent; the template does not use delimiters or warnings to ignore instructions within the target article.
    ◦ Capability inventory: The skill uses file read operations (Read) and subagent creation (Task tool).
    ◦ Sanitization: Absent.
  • [DATA_EXPOSURE]: The skill references absolute local file paths (/Users/mz/.claude/skills/mizchi-blog-style/SKILL.md) and repository structures (~/ghq/github.com/mizchi/zenn/CLAUDE.md). While these are functional for the author's specific environment, they expose internal directory structures and user-specific paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 04:47 PM
Security Audit — agent-trust-hub — mizchi-blog-style