noise2blog
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `curl` and `python3` to interact with external APIs. Specifically, it calls the Google Gemini API (generativelanguage.googleapis.com) to generate blog content and the Tavily API (api.tavily.com) to conduct research. These operations use environment variables for authentication.
- [EXTERNAL_DOWNLOADS]: The skill utilizes a `WebFetch` tool to retrieve content from arbitrary URLs provided by the user. This content is then used as source material for the blog generation process.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from user-provided notes or external websites and interpolating it into prompts for the Gemini model.
  - Ingestion points: Data is ingested through direct text input or by fetching content from URLs via `WebFetch` (SKILL.md, Step 2).
  - Boundary markers: While the skill uses a structured JSON payload to wrap the content for the Gemini API call (SKILL.md, Step 5), it does not implement specific delimiters or instructions to the model to ignore potential instructions embedded within the user content.
  - Capability inventory: The skill can execute network requests using `curl` and fetch external web content, which could be leveraged if the LLM is successfully manipulated.
  - Sanitization: No explicit sanitization, filtering, or escaping of the ingested content is performed before it is sent to the LLM.
Audit Metadata