technical-blog-writing
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requests broad execution permission for the `infsh` CLI via `Bash(infsh *)`. The wildcard grants the whole toolset, including authentication, application execution, and social media interaction, rather than only the subcommands the workflow needs.
- [REMOTE_CODE_EXECUTION]: The skill uses `infsh app run infsh/python-executor` to execute Python code produced at runtime. The examples provided (chart generation) are benign, but the pattern lets the agent run arbitrary scripts, so anything that shapes the agent's output, including retrieved web content, can shape what gets executed.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection through its research phase.
  - Ingestion points: External data is ingested via `infsh app run exa/search` (SKILL.md).
  - Boundary markers: None identified; search results are handed to the model without delimiters marking them as untrusted data and without an instruction to ignore commands embedded in them.
  - Capability inventory: The skill has access to Python execution, image generation, and social media posting tools (SKILL.md), so an injected instruction has something to act on.
  - Sanitization: There is no evidence that retrieved search content is sanitized or validated before the agent uses it to draft blog posts or run scripts.
- [DATA_EXFILTRATION]: The skill can transmit data to an external platform, X (Twitter), via `infsh app run x/post-create`. This is intended for blog distribution, but the same call can carry sensitive information handled during the research or writing steps, and nothing in the skill prevents retrieved content from steering what is posted.
Audit Metadata