news-aggregator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It is designed to fetch real-time news from multiple external sources (Hacker News, Weibo, GitHub, etc.) and perform 'Deep Fetching' by downloading the full text of arbitrary third-party URLs found in those news feeds. The instructions in `SKILL.md` require the agent to 'Deeply Interpret' and summarize this content without using boundary markers, delimiters, or instructions to disregard embedded commands in the fetched data. An attacker could potentially influence the agent's behavior by placing malicious instructions within a news article or a trending post that the skill processes.
  - Ingestion points: Untrusted data enters the agent context via `scripts/fetch_news.py` from 8 public news platforms and arbitrary article URLs.
  - Boundary markers: Absent. The skill does not instruct the agent to use delimiters for the fetched content.
  - Capability inventory: The skill allows the agent to execute a Python script (`fetch_news.py`) and write detailed markdown files to the `reports/` directory.
  - Sanitization: Absent. The agent processes the raw text extracted from HTML for interpretation.
- [EXTERNAL_DOWNLOADS]: The `fetch_news.py` script performs network requests to multiple external domains to retrieve news lists and article content. While this is the intended primary purpose of the skill, it involves interaction with untrusted remote servers and third-party content.
- [COMMAND_EXECUTION]: The skill operations rely on the execution of a local Python script `scripts/fetch_news.py` with various arguments. The script uses standard libraries and does not appear to contain dangerous code execution patterns like `eval()` or unsanitized shell interpolation, but it constitutes a command-line interface for the agent.
Audit Metadata