ez-hn
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from Hacker News which could contain malicious instructions.
  - Ingestion points: Fetches story details, comments, and user profiles from hacker-news.firebaseio.com and hn.algolia.com within scripts/hn.py.
  - Boundary markers: None present. Content is printed directly to the console without delimiters.
  - Capability inventory: Limited to network read operations and console output. No file system writes or command execution capabilities detected in scripts/hn.py.
  - Sanitization: The html_to_text function in scripts/hn.py strips HTML tags and unescapes entities, providing basic sanitization of the fetched data.
- [DATA_EXFILTRATION]: Network operations are confined to well-known Hacker News and Algolia API domains. No access to sensitive local files or environment variables was found.
- [REMOTE_CODE_EXECUTION]: Dependencies are limited to standard libraries (typer, httpx). There are no instances of remote code execution or execution of dynamically generated code.