list-feeds-skill
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content fetched from an external social media platform, which creates a surface for indirect prompt injection if the ingested data contains malicious instructions.
- Ingestion points: External feed data is ingested from the MCP server in 'scripts/list-feeds.mjs'.
- Boundary markers: The skill does not use any boundary markers or instructions to isolate untrusted content from the agent's primary instructions.
- Capability inventory: The agent is granted Bash and Read tools, which could be exploited if malicious instructions embedded in the feed content are followed.
- Sanitization: There is no evidence of sanitization, filtering, or validation of the feed content before it is parsed and logged to the agent's context.
Audit Metadata