hotspot-collector
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from external platforms like Twitter, GitHub, and various tech forums to extract information. This introduces a potential surface for indirect prompt injection, where malicious instructions embedded in third-party content (such as a tweet or a repo description) could attempt to influence the agent. However, the skill's functionality is limited to data extraction and formatting, with no high-risk capabilities identified.
- Ingestion points: Processes data from external platforms including Twitter/X, Hacker News, Product Hunt, and GitHub (SKILL.md).
- Boundary markers: None specified for the input data handling.
- Capability inventory: Search operations and structured JSON file generation (SKILL.md).
- Sanitization: No explicit sanitization or input validation logic is defined for the collected text content.
Audit Metadata