blogwatcher
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs a Go binary from a third-party, untrusted GitHub repository (
github.com/Hyaxia/blogwatcher). This installation occurs from an unverified source not listed in the trusted vendors. - [PROMPT_INJECTION]: The skill ingests data from external RSS and Atom feeds, creating an attack surface for indirect prompt injection where malicious instructions could be embedded in tracked blogs. Mandatory Evidence Chain: 1. Ingestion points: The
blogwatcher scanandblogwatcher articlescommands described inSKILL.mdprocess external feed content; 2. Boundary markers: The skill does not implement delimiters or safety warnings to distinguish between instructions and feed data; 3. Capability inventory: The skill enables execution of theblogwatcherbinary; 4. Sanitization: There is no evidence of content sanitization or validation for the incoming feed data.
Audit Metadata