rss-agent-viewer
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill executes
npx -y rss-agent-viewer, which downloads and runs code from the npm registry. This package is maintained by an unverified third-party account (brooksy4503) rather than the skill author or a trusted vendor. - [COMMAND_EXECUTION]: The skill relies on the
rss-viewercommand to perform network operations, file system access for configuration, and local database management. - [PROMPT_INJECTION]: The skill is designed to ingest and process content from external RSS/Atom feeds and web searches, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the system via
rss-viewer readandrss-viewer discover-searchcommands. - Boundary markers: There are no specified delimiters or instructions to prevent the agent from obeying commands embedded in the retrieved content.
- Capability inventory: The skill can execute subprocesses and make arbitrary network requests to fetch feed data.
- Sanitization: No evidence of input sanitization or instruction filtering is provided for the fetched external content.
Recommendations
- AI detected serious security threats
Audit Metadata