hackernews-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill contains only documentation (SKILL.md) and no executable code, scripts, or binary assets.
- [Indirect Prompt Injection] (SAFE): The skill's primary purpose is processing user-generated data from HackerNews, which inherently introduces a surface for indirect prompt injection. However, since the skill consists of instructions and no logic, this is a property of the task rather than a malicious defect. 1. Ingestion points: HackerNews stories and comments. 2. Boundary markers: Absent from the provided instructions. 3. Capability inventory: Automated tool execution (posting, voting) via the Hackernews toolkit. 4. Sanitization: Not specified in the documentation.
Audit Metadata