blogwatcher
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `blogwatcher` CLI tool directly from a third-party GitHub repository (github.com/Hyaxia/blogwatcher). This introduces a dependency on external code that is not from a trusted vendor or the skill's author.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  1. Ingestion point: External RSS/Atom feeds via the `blogwatcher scan` command (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of CLI commands that return feed content to the agent context (SKILL.md).
  4. Sanitization: Absent.
- [DATA_EXFILTRATION]: The skill performs outbound network requests to fetch data from RSS/Atom feeds. Although intended for its functionality, it involves making connections to arbitrary external domains provided by users or feed sources.
Audit Metadata