rust-daily
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection.
  - Ingestion points: The skill fetches content from external, user-controlled or community-driven websites including Reddit (r/rust), this-week-in-rust.org, and rustfoundation.org using agent-browser and WebFetch (SKILL.md).
  - Boundary markers: There are no delimiters or 'ignore instructions' warnings implemented for the fetched content before it is processed.
  - Capability inventory: The skill utilizes agent-browser for browser automation, mcp__actionbook for tool execution, and initiates a subagent Task using the general-purpose type, which can execute further logic.
  - Sanitization: The skill lacks any explicit sanitization, filtering, or validation of the content retrieved from external sources before presenting it to the agent or subagent.
- [Privilege Escalation] (HIGH): The skill attempts to escape its own directory structure using path traversal (../../agents/rust-daily-reporter.md) to read configuration or logic from a parent directory. This violates the principle of least privilege and indicates an attempt to access files outside the skill's sandbox.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to execute shell commands via the agent-browser CLI to open URLs and extract text. While the domains are currently news-related, this mechanism can be abused if the input is manipulated.
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations to multiple external domains. While these are news sites, the use of agent-browser and WebFetch to interact with non-whitelisted domains represents a telemetry and data exposure risk.
Recommendations
- AI detected serious security threats
Audit Metadata