opennews
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto make HTTP requests to the 6551.io API. This is the primary intended function of the skill for data retrieval. - [CREDENTIALS_UNSAFE]: The skill requires an
OPENNEWS_TOKENenvironment variable for authentication. It provides clear instructions for users to obtain their own token and does not contain any hardcoded secrets. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
ai.6551.io. These are legitimate API calls to the service provider described in the documentation. - [DATA_EXFILTRATION]: No patterns of unauthorized data access or transmission were detected. The data flows are limited to sending search parameters to the official API and receiving news content.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external news data (titles, summaries). While this presents a theoretical injection surface common to all news-reading tools, it is used for information display and does not have high-privilege capabilities that would lead to escalation.
Audit Metadata