news-aggregation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of external feed content.\n
- Ingestion points: Untrusted headlines and summaries are retrieved from several external RSS feeds, including those from Reddit, Hacker News, and Google News (SKILL.md).\n
- Boundary markers: The agent prompt does not specify the use of delimiters or instructions to prevent the model from interpreting headline content as commands.\n
- Capability inventory: The skill utilizes the agent to group and summarize text; while no dangerous system tools are explicitly defined in the provided code, the agent's core logic is exposed to the processed data.\n
- Sanitization: No sanitization or content validation is implemented for the retrieved RSS items before they are processed by the agent.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known news organizations and community aggregators.\n
- Evidence: Fetches RSS feeds from services including Reuters, AP, BBC, Al Jazeera, NPR, Google, and Bing (SKILL.md).\n
- Note: The BBC news feed is accessed over an unencrypted HTTP connection (http://feeds.bbci.co.uk/news/world/rss.xml).
Audit Metadata