daigest
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves fetching and processing data from untrusted external sources.
- Ingestion points: The skill retrieves content from external RSS feeds and web URLs via the
POST /feeds/{id}/syncendpoint. - Boundary markers: The documentation does not specify the use of delimiters or specific instructions to help the agent distinguish between external source data and its own internal instructions.
- Capability inventory: The skill allows the use of the
Bashtool, which increases the potential impact if a malicious external source successfully injects and executes commands. - Sanitization: No explicit sanitization or validation of the fetched external content is mentioned in the provided API or skill documentation.
Audit Metadata