Skills
skills/jeremy-allen/claude-skills/posit-news/Gen Agent Trust Hub

posit-news

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the system command date +%Y-%m-%d to retrieve the current date for categorizing events as recent or upcoming.
  • [EXTERNAL_DOWNLOADS]: The skill uses a web fetching tool to retrieve content from official Posit domains and associated blogs, including posit.co, tidyverse.org, shiny.posit.co, and quarto.org. These are well-known technology service domains.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  • Ingestion points: External content is fetched from various blogs, podcasts, and sitemaps on posit.co and related domains via the WebFetch tool as described in SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or provide 'ignore embedded instructions' warnings when passing fetched content to sub-agent prompts.
  • Capability inventory: The agent has the capability to execute specific system commands (date) and perform network operations (WebFetch).
  • Sanitization: No explicit sanitization or validation of the fetched content is performed before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 03:40 AM