aggregating-crypto-news
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external RSS feeds.
  - Ingestion points: RSS feeds are fetched from third-party URLs defined in `config/sources.yaml` and processed in `scripts/feed_fetcher.py` and `scripts/feed_parser.py`.
  - Boundary markers: Output is formatted into structured tables or JSON in `scripts/formatters.py`, but the skill lacks explicit instructions for the agent to ignore any commands embedded within the processed article text.
  - Capability inventory: The skill possesses the capability to execute shell commands and write output to local files via the `--output` flag in `scripts/news_aggregator.py`.
  - Sanitization: The `FeedParser._clean_text` method removes HTML tags and decodes entities, but does not perform filtering for malicious instructional language or prompt injection patterns.
- [EXTERNAL_DOWNLOADS]: Fetches news content from well-known cryptocurrency publications including CoinDesk, The Block, and Decrypt. These sources are established technology news services and the network activity is limited to fetching public RSS feed XML, which is consistent with the skill's primary purpose.
- [COMMAND_EXECUTION]: Executes Python scripts (`news_aggregator.py`, `feed_fetcher.py`, etc.) for news aggregation and processing. The execution is limited to the skill's own scripts and handles data retrieval and formatting tasks.
Audit Metadata