Hacker News Digest

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches story metadata and discussion threads from Hacker News's public APIs on Firebase and Algolia.
  • [COMMAND_EXECUTION]: Executes shell commands including curl and jq for data processing, and invokes a local notification script ./notify.
  • [PROMPT_INJECTION]: The skill processes untrusted content from external sources, making it susceptible to indirect prompt injection.
      • Ingestion points: Retrieves news summaries and comments from hacker-news.firebaseio.com, hn.algolia.com, and external article URLs via WebFetch fallback.
      • Boundary markers: No explicit delimiters or boundary markers are utilized to separate external data from agent instructions.
      • Capability inventory: Includes shell command execution (curl, jq, date), local file system access (read/write in memory/ and .cache/), and local script execution (./notify).
      • Sanitization: Content is filtered by length and basic keyword exclusion, but no security-focused sanitization or instruction filtering is applied to the retrieved content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 01:57 PM