beaver-rss-digest

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local CLI commands to initialize, validate, and run the digest process. It uses shell scripts (scripts/run-cli.sh) to invoke the logic via Node.js or Bun.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches content from external RSS feeds and interpolates it directly into LLM prompt templates defined in config/config.example.yaml.
      • Ingestion points: External RSS feeds defined in the rssFeeds configuration.
      • Boundary markers: The prompt templates use delimiters like ## 待评分文章 and {{articlesList}} to separate instructions from data.
      • Capability inventory: The skill writes Markdown reports to the local file system (outputDir) and makes network requests to RSS sources and LLM providers.
      • Sanitization: There is no evidence of sanitization or filtering of the RSS content (e.g., removing HTML tags or escape sequences) before it is passed to the LLM.
  • [CREDENTIALS_UNSAFE]: The skill manages secrets by requiring users to export environment variables (e.g., LLM_API_KEY) in the shell. This follows standard security best practices for local development tools.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 12, 2026, 02:29 AM