commafeed-api

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands using curl and jq to interact with the CommaFeed API.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to a user-provided COMMAFEED_HOST to fetch and manipulate RSS feed data.
  • [PROMPT_INJECTION]: The skill processes content from external RSS feeds (titles, descriptions, HTML content), which represents a surface for indirect prompt injection attacks where malicious instructions could be embedded in feed data.
      • Ingestion points: RSS feed entries are fetched via the /rest/category/entries and /rest/feed/entries endpoints as described in SKILL.md.
      • Boundary markers: No delimiters or warnings to ignore embedded instructions are included in the prompt construction examples.
      • Capability inventory: The skill possesses shell command execution (curl), Node.js (fetch), and Python (requests) capabilities.
      • Sanitization: No sanitization logic for external feed content is provided in the implementation examples.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 08:12 PM