content-writer
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a shell command (
find) to dynamically locate its reference documentation (content-writing.md) within standard agent plugin directories. This is a configuration discovery mechanism and does not involve arbitrary or untrusted input.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when performing content improvements on external URLs or files. Malicious content within the audited pages could attempt to hijack the agent's instructions. The risk is managed by the skill's prescriptive workflow and quality gate checks.\n - Ingestion points: External web content retrieved via firecrawl or local files provided by the user (SKILL.md Step 2).\n
- Boundary markers: None (No explicit delimiters used to wrap untrusted content).\n
- Capability inventory: Shell command execution (bash), filesystem access (find/read), and image generation via platform-specific MCP tools.\n
- Sanitization: No explicit sanitization or filtering of external content before analysis.
Audit Metadata