User-controlled placeholder is embedded directly into generated source code.
Critical
- Code
- suspicious.generated_source_template_injection
- Location
- SKILL.md:243
Security audit
Security checks across malware telemetry and agentic risk
This Ghost CMS skill is documentation-focused and its powerful site-management examples are aligned with its stated purpose, with no hidden execution or exfiltration found.
Install only if you want an assistant to help with Ghost CMS administration and development. Treat Admin API keys as sensitive, prefer staging or local Ghost instances, back up content/themes, and require explicit approval before edits, deletes, member or webhook changes, image uploads, theme activation, production installs, updates, or deployments.
65/65 vendors flagged this skill as clean.
Detected: suspicious.generated_source_template_injection