day5-fetch-and-digest
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill design creates a surface for Indirect Prompt Injection by ingesting untrusted content from social media platforms.
- Ingestion points: Ingests data from X/Twitter (via fxtwitter API) and YouTube subtitles (via yt-dlp).
- Boundary markers: Delimiters or specific safety instructions are absent from the provided skill templates.
- Capability inventory: The skill possesses network access (WebFetch) and the ability to execute shell commands (yt-dlp, sed).
- Sanitization: Basic text cleaning is performed using
sedto remove formatting, but there is no semantic sanitization to prevent the LLM from following instructions embedded in the external content. - [DATA_EXFILTRATION] (LOW): The skill performs network operations to
api.fxtwitter.com. This domain is not on the trusted whitelist, though it is a common community service for fetching social media metadata. - [COMMAND_EXECUTION] (SAFE): The instructions utilize standard system commands (
yt-dlp,sed,grep,tr) to process media metadata and subtitles. These are appropriate for the skill's stated purpose. - [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing
yt-dlp, a well-known and reputable open-source tool, via standard package managers.
Audit Metadata