rss-automation
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external RSS/Atom feeds, which presents an indirect prompt injection surface.
- Ingestion points: The check_feed function in SKILL.md fetches data from user-provided URLs.
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the feed content.
- Capability inventory: The skill has the ability to read and write to the local file system (~/.openclaw/rss-seen.json) and perform network requests.
- Sanitization: None. Feed entries are parsed and handled without filtering or escaping of potential instructions.
Audit Metadata