opennews
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill is configured to access the OPEN_TOKEN environment variable and transmit it within the Authorization header to ai.6551.io. This domain is an official resource owned by the skill's vendor (6551team), and the transmission is a required step for authenticating API requests.
- [PROMPT_INJECTION]: The skill processes news headlines, summaries, and ratings fetched from external sources through its search endpoints, which constitutes a surface for indirect prompt injection. Ingestion points: Untrusted data is retrieved from the news_search API endpoint. Boundary markers: The skill does not define specific delimiters or instructions to isolate news content from agent instructions. Capability inventory: The skill uses curl to perform network operations. Sanitization: The skill does not specify any sanitization or validation procedures for the fetched news content before it is presented to the agent.
Audit Metadata