hotspot-collector
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest data from untrusted external sources such as Twitter, Hacker News, and GitHub. This creates a surface for indirect prompt injection where malicious content on those platforms could influence the agent's behavior or output.
- Ingestion points: Web platforms (Twitter/X, Hacker News, Product Hunt, GitHub, etc.) specified in Section 3.
- Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the agent to ignore instructions embedded within the scraped content.
- Capability inventory: File writing (Section 5 specifies outputting to a JSON file).
- Sanitization: Absent. There are no instructions for the agent to sanitize or escape the content it collects.
- Data Exposure & Exfiltration (LOW): The skill directs the agent to perform network operations against multiple non-whitelisted domains (e.g., producthunt.com, news.ycombinator.com). While this is the primary purpose of the skill and no sensitive local data access is requested, network access to arbitrary external domains is a standard finding for this category.
Audit Metadata