sports-news

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local validation script and a CLI tool.
      • Evidence: Executes bash scripts/validate_params.sh for parameter checking.
      • Evidence: Utilizes the sports-skills command-line interface for fetching data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external RSS feeds and Google News.
      • Ingestion points: News content enters the agent context through the fetch_feed and fetch_items commands described in SKILL.md.
      • Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the fetched news articles.
      • Capability inventory: The skill has the capability to execute shell commands (bash) and use a specific CLI tool (sports-skills).
      • Sanitization: Absent. There is no evidence of content sanitization or escaping of the fetched news text before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:40 AM