pre-publish-checker
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides an optional feature (--check-external) to validate the reachability of external URLs found in blog posts. This involves performing outbound network requests to arbitrary domains provided in the content.
- [PROMPT_INJECTION]: The skill ingests and parses user-provided markdown files, including front matter and body text. This represents an indirect prompt injection surface (Category 8), as malicious instructions could be embedded in the posts.
  - Ingestion points: Target markdown files read during Phase 1 (ASSESS).
  - Boundary markers: None explicitly defined to separate content from agent instructions in the provided files.
  - Capability inventory: Access to tools such as Bash, Read, Write, Edit, and Task, which could be misused if instructions in content are followed.
  - Sanitization: No explicit sanitization or escaping of the content body before processing is described in the skill logic.
Audit Metadata