newsletter-curation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install additional components from the vendor's repository via 'npx skills add inference-sh/skills'. It also utilizes remote applications such as 'tavily/search-assistant' and 'exa/search' to perform network-based content searches.
- [COMMAND_EXECUTION]: The skill employs the 'infsh' CLI for essential tasks including authentication and tool execution. These commands are part of the core functionality and are intended for direct execution by the user.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when handling external content.
  - Ingestion points: Data is ingested from the internet via search tools ('tavily/search-assistant', 'exa/search') to provide content for newsletters.
  - Boundary markers: The provided curation templates lack specific delimiters or instructions to ignore potential commands embedded in the retrieved web content.
  - Capability inventory: The toolset includes capabilities for shell command execution through 'infsh' and social media interaction via 'x/post-create'.
  - Sanitization: There is no evidence of content sanitization or instruction filtering applied to the search results before they are processed for commentary and publication.
- [NO_CODE]: The skill does not package any standalone executable scripts or source files, relying solely on markdown instructions and CLI command examples.
Audit Metadata