ai-news-digest
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill aggregates news articles from external RSS feeds and processes them using LLM prompts for translation and summarization in scripts/enhance_content.py. This creates a surface for indirect prompt injection because external content is interpolated directly into prompts.
  - Ingestion points: RSS feeds and the Hacker News API defined in config/sources.json and fetched via scripts/fetch_news.py.
  - Boundary markers: Absent; untrusted title and summary strings are placed directly into prompt f-strings without delimiters or protective instructions.
  - Capability inventory: The skill performs file I/O and network requests but does not execute dynamic code or shell commands based on the processed news content.
  - Sanitization: No validation or escaping of external text is performed before prompt construction.
- [CREDENTIALS_UNSAFE]: The documentation and templates in SKILL.md and config/email.json promote the practice of storing SMTP authentication codes in plain-text JSON files. This poses a risk of credential exposure if the environment is compromised.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from several well-known technology news sources and APIs, including Hacker News, TechCrunch, and OpenAI. These are recognized as reputable sources.
Audit Metadata