technews
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external websites.
  - Ingestion points: `scripts/article_fetcher.py` fetches article body text from arbitrary third-party URLs; `scripts/techmeme_scraper.py` fetches the TechMeme RSS feed.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to help the model distinguish between its own logic and the external article content.
  - Capability inventory: The skill can perform network requests to any URL and write to a local cache file at `~/.cache/technews/stories.json`.
  - Sanitization: It uses simple regex to strip HTML tags from RSS descriptions but does not validate or sanitize the text content retrieved from articles before summarization.
- [PROMPT_INJECTION]: The skill uses an insecure XML parser in `scripts/techmeme_scraper.py`. The use of `xml.etree.ElementTree.fromstring()` on data fetched from the network is susceptible to XML External Entity (XXE) attacks, which could be exploited to read local files or perform server-side request forgery (SSRF) if the remote feed is compromised.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch news data and article content. It communicates with well-known services like `techmeme.com`, `hn.algolia.com`, and `nitter.net` to retrieve news items and social media engagement data. It also fetches full article content from various third-party domains linked in the tech news feed.
Audit Metadata