hn-search
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill performs read-only network requests to hn.algolia.com, a public API. No credentials are required or exposed, and no sensitive local data is accessed or transmitted.
- [Indirect Prompt Injection] (SAFE): The skill is designed to process untrusted user-generated content (Hacker News comments and stories). This is the primary intended use case.
  - Ingestion points: SKILL.md (JSON response parsing from the Algolia API).
  - Boundary markers: Not explicitly defined in the instructions, though the skill provides structured formatting for the output.
  - Capability inventory: Only includes web_fetch for data retrieval and exec: date +%s for local timestamp calculation; no destructive or persistent capabilities are present.
  - Sanitization: Not specified, but the agent's presentation format acts as a display layer.
- [Command Execution] (SAFE): The skill uses exec: date +%s to generate a current Unix timestamp. This is a standard, low-risk operation used to calculate date filters for the API query.