monitor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and summarizes content from untrusted external sources.
  - Ingestion points: External content is pulled from Atom/RSS feeds, the GitHub API, and arbitrary web pages specified by the user or identified via the discovery skill, as documented in SKILL.md.
  - Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the LLM when processing external content for the subscription/summarize task.
  - Capability inventory: The skill utilizes the joelclaw CLI for management and Inngest functions for automated fetching and background processing.
  - Sanitization: There is no evidence of sanitization or content filtering applied to the fetched data before it is presented to the LLM for summarization.
- [COMMAND_EXECUTION]: The skill uses a vendor-specific CLI tool (joelclaw) to perform administrative tasks such as listing, adding, and checking subscriptions. These commands are part of the intended local functionality.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external domains including github.com and various feed URLs. These network operations are core to the skill's purpose and target well-known services or user-defined URLs.
Audit Metadata