newsletter-signal-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external newsletter subscriptions.
- Ingestion points: Newsletter email bodies fetched via the
agentmailcapability as described inSKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or specific isolation protocols for the ingested email content.
- Capability inventory: The skill includes file-writing capabilities to save intelligence reports to the local file system.
- Sanitization: The skill performs HTML-to-text stripping, which removes structural markers but does not sanitize potential linguistic instructions in the plain text.
- [COMMAND_EXECUTION]: The skill includes a 'Scheduling' section that instructs users to set up a
cronjob. This involves executing a local script (run_skill.py) periodically, which is the intended method for maintaining the automated nature of the newsletter scanning task.
Audit Metadata