blog-post-writer
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill retrieves the
SEEDREAM_API_KEYfrom environment variables, which is a secure practice for managing API credentials. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network requests to
api.gptnb.aito generate images. This external communication is disclosed and aligned with the tool's core functionality. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input, including raw text and reference links, which could potentially contain malicious instructions.
- Ingestion points: Scattered thoughts, original articles, and reference links provided by the user as described in
SKILL.md. - Boundary markers: Absent; the skill processes user input directly without specific delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill calls the
generate_imagetool and writes output to a new Markdown file on the local file system. - Sanitization: No sanitization, validation, or filtering of the user-provided content is implemented.
Audit Metadata