daily-news-report
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The GitHub Action example uses npx antigravity-ide, which dynamically fetches and executes a package from the npm registry that is not listed in the trusted vendors or services list.
- [PROMPT_INJECTION]: The skill processes content from untrusted external sources (RSS, APIs, and web scraping), creating an attack surface for indirect prompt injection.
  - Ingestion points: RSS feeds from TechCrunch, Hacker News, and Verges, plus APIs from NewsAPI, GNews, and Reddit, and scraping via firecrawl-scraper.
  - Boundary markers: The LLM summarization instructions do not include boundary markers or commands to ignore instructions embedded in the source articles.
  - Capability inventory: The skill has the capability to output processed data to Markdown, HTML email, or Slack/Discord payloads.
  - Sanitization: There is no evidence of sanitization or validation of the fetched external content before it is processed by the LLM.