Ghost CMS

A mistaken or over-eager agent action could publish content, delete data, change subscribers, moderate public comments, or alter site administration.

This shows broad Ghost Admin API mutation and public-publishing authority. It is purpose-aligned and disclosed, but the registry metadata indicates model invocation is not disabled and capability tags were not derived, so these high-impact actions are not clearly bounded by enforced user control.

Users may believe the platform enforces explicit invocation when the submitted registry metadata does not show that protection.

This documented security claim conflicts with the registry flags supplied for the skill, which say disable-model-invocation is false and the agent can invoke the skill autonomously.

Anyone or any agent action using this key can read and modify content, users, members, comments, settings, and public publishing state.

The credential requirement is expected for Ghost Admin API management and is clearly disclosed, but it grants complete site authority.

If used, a webhook could keep sending Ghost events to an external destination after the immediate task is complete.

Webhook management is documented as part of the API coverage. Creating or updating webhooks can establish persistent external data flows, so users should notice this boundary even though it is part of comprehensive Ghost administration.

You may run local Node code and npm dependencies that are not represented by a formal install spec in the registry metadata.

The artifact set includes runnable scripts and npm setup, but the registry install/provenance metadata is incomplete. This is a supply-chain review note, not evidence of malicious behavior.