blogwatcher

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the blogwatcher tool directly from a non-trusted GitHub repository (github.com/Hyaxia/blogwatcher) using the go install command.
  • [COMMAND_EXECUTION]: The skill executes the blogwatcher CLI to interact with the file system and network for feed management.
  • [PROMPT_INJECTION]: The skill is designed to fetch and display content from external RSS/Atom feeds, creating a surface for indirect prompt injection.
      • Ingestion points: Data returned from blogwatcher scan and blogwatcher articles (SKILL.md).
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution via the blogwatcher CLI.
      • Sanitization: No sanitization of feed content is described or implemented.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 12:42 PM