newsapi-search
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted text (article titles, descriptions, and full content) from NewsAPI and returns it to the agent without sanitization. Malicious instructions embedded in news articles could potentially manipulate the agent's behavior.
- Ingestion points: Untrusted data enters the context via the
resultsarray inscripts/search.js. - Boundary markers: None. The skill does not provide markers or instructions to the agent to treat the article content as untrusted data.
- Capability inventory: The skill includes network access to NewsAPI and file system read access for configuration.
- Sanitization: None. The article content is mapped directly from the API response to the returned object without filtering.
- [DATA_EXFILTRATION]: The script
scripts/search.jscontains a hardcoded absolute path to a sensitive configuration file (/Users/kirk/Projects/openclaw-skills/.env). Accessing environment files via hardcoded absolute paths is a security best practice violation. While this appears to be a development remnant matching the author's local environment, it exposes the author's local file structure and could lead to unauthorized file read attempts on other systems.
Audit Metadata