rss-skill
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@atopos31/agent-rsspackage from the NPM registry. This is a vendor-owned resource belonging to the author 'atopos31' and is the primary tool used for the skill's logic. - [COMMAND_EXECUTION]: The skill executes shell commands using the
agent-rssutility to add, update, and fetch feeds. It also utilizes shell redirection to save results into temporary files within the/tmp/directory. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it retrieves and processes content from untrusted external RSS feeds.
- Ingestion points: Data is ingested through the
agent-rss fetchcommand, which reads from user-provided or third-party RSS/Atom URLs. - Boundary markers: The skill does not implement boundary markers or instructions to ignore potential commands embedded in the fetched feed data.
- Capability inventory: The skill has the capability to perform global package installations, execute CLI tools, and write/read from the local filesystem.
- Sanitization: There is no evidence of sanitization or validation of the retrieved feed content before it is read by the agent.
Audit Metadata