blog-inboxmate

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands (git add, git commit, git push) to automate the publication process to a remote repository.
  • [COMMAND_EXECUTION]: The instructions explicitly mandate fully autonomous execution ("Run fully autonomously. Do not ask for confirmation between steps"), which removes the human oversight typically required for file system modifications and repository pushes.
  • [DATA_EXFILTRATION]: The skill reads local application source code and content from the user's local directory and transmits this data to a remote Git repository (origin main).
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests untrusted data from the internet via WebSearch and uses it to construct HTML files and shell command arguments.
      • Ingestion points: Step 3 uses WebSearch to gather external information about industry trends and news.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to prevent it from following instructions that might be embedded in the retrieved web content.
      • Capability inventory: The agent has the capability to read/write local files and execute Git commands across the target project directory.
      • Sanitization: There is no instruction to sanitize, validate, or escape the retrieved web content before it is interpolated into the blog post or the Git commit message.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:38 AM
Security Audit — agent-trust-hub — blog-inboxmate