aggregating-crypto-news
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows secure design principles for its intended purpose of data aggregation, using parallel processing and caching to minimize network load.
- [EXTERNAL_DOWNLOADS]: Fetches content from well-known cryptocurrency news organizations (e.g., CoinDesk, The Block, Decrypt) via RSS feeds as listed in the source registry.
- [PROMPT_INJECTION]: The skill ingests external data (headlines and summaries) which represents a surface for indirect prompt injection.
- Ingestion points: External RSS feed XML content processed in
feed_fetcher.pyandfeed_parser.py. - Boundary markers: Data is structured into tables, CSV, or JSON formats; however, there are no specific instructions to the agent to disregard potential instructions embedded within the news text.
- Capability inventory: Executes local Python scripts and bash commands within the restricted
crypto:news-*namespace. - Sanitization:
feed_parser.pyimplements HTML tag stripping and whitespace normalization to clean incoming text content.
Audit Metadata