mizchi-blog-style
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs an agent to process and analyze untrusted article drafts.
- Ingestion points: The article draft content is ingested via the template variable '<記事ファイルのパス>' in the subagent dispatch section.
- Boundary markers: The template uses Markdown headers (e.g., '## 対象記事') to delimit the input data, but these do not provide strong security boundaries.
- Capability inventory: The skill utilizes capabilities for reading local files and dispatching subagents to perform analysis.
- Sanitization: There is no evidence of sanitization or validation of the ingested draft content before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill contains hardcoded absolute file paths pointing to specific locations in the user's home directory ('/Users/mz/ghq/github.com/mizchi/zenn/CLAUDE.md' and '/Users/mz/.claude/skills/mizchi-blog-style/SKILL.md'). While these appear to be legitimate configuration paths for the author (mizchi), hardcoding absolute paths to local files can lead to unintended filesystem exposure or reconnaissance if the skill is used in environments with different directory structures.
Audit Metadata