daily-news
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external news content from RSS feeds and web pages to generate summaries and reports, creating a surface for indirect prompt injection attacks.
  - Ingestion points: Untrusted data enters via `references/methods/rss.py` and various web-scraping methods defined in the `methods/` directory (e.g., using `webfetch-smart` or `browser-smart`).
  - Boundary markers: No explicit boundary markers or instructions to disregard embedded commands are present in the `references/prompts/summary.md` or `references/prompts/report.md` templates.
  - Capability inventory: The skill has the ability to write to the local filesystem (HTML/Markdown generation in `build.py`), modify a local SQLite database (`scripts/db.py`), and execute shell commands for git operations and deployment.
  - Sanitization: There is no evidence of sanitization or filtering of external content before it is interpolated into prompts for the LLM.
- [EXTERNAL_DOWNLOADS]: The skill recommends the global installation of an unverified third-party tool, `agent-browser`, via NPM (`npm install -g agent-browser`). It also depends on several standard Python libraries for web scraping and feed parsing.
- [COMMAND_EXECUTION]: The workflow relies on the execution of multiple shell commands, including database initialization (`python3 scripts/db.py init`), repository management via the GitHub CLI (`gh repo create`), and automated site building and deployment via Git.
- [CREDENTIALS_UNSAFE]: The `LOGIN_GUIDE.md` file provides detailed instructions for users to provision credentials for Twitter/X. This includes manually extracting session cookies and setting plaintext usernames and passwords as environment variables (e.g., `export TWITTER_PASSWORD="your_password"`), which is a risky security practice.
Audit Metadata