worldmonitor-intelligence-dashboard
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides instructions to install Ollama, a well-known local AI service, using a shell script download (curl -fsSL https://ollama.ai/install.sh | sh). This is a standard installation method for the service.- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through its news aggregation features.
- Ingestion points: The dashboard ingests data from over 435 external RSS and API feeds defined in 'src/feeds/' and handled by 'api/feeds/aggregate.ts'.
- Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands documented for the ingested feed items before they are passed to the AI synthesizer.
- Capability inventory: The AI synthesis pipeline (src/ai/synthesize.ts) generates summaries and extracts signals which are then displayed to the user or used for dashboard alerts.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the feed content before it is processed by the local LLM.
Recommendations
- HIGH: Downloads and executes remote code from: https://ollama.ai/install.sh - DO NOT USE without thorough review
Audit Metadata