blog-idea-generator

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it is instructed to read and process multiple user-controlled files from the docs/ and src/ directories to gather context for blog ideas. Findings based on the mandatory evidence chain:
      • Ingestion points: Files such as docs/en/company-profile.md, docs/en/services.md, docs/en/pages.md, and articles within src/pages/en/blog/ are read to build a business profile.
      • Boundary markers: The skill does not implement delimiters or explicit instructions to ignore embedded commands within the processed data files.
      • Capability inventory: The skill possesses the capability to write to local files (Step 7: topic-ideas.md) and executes shell commands (wc -l).
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The SKILL.md file contains a directive to verify the file's line count using the wc -l shell command. While this specific command is harmless, the practice of including shell execution instructions in agent skills provides a potential vector for command injection if the path or arguments were influenced by untrusted data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 01:40 AM