blogwatcher
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata and documentation specify the installation of an external binary from 'github.com/Hyaxia/blogwatcher/cmd/blogwatcher@latest' using the Go package manager. This source is not verified as a trusted vendor or service.
- [COMMAND_EXECUTION]: The skill operates by executing the 'blogwatcher' CLI tool with various arguments to manage and scan blog feeds. This requires the agent to have the ability to run external binaries on the host system.
- [PROMPT_INJECTION]: The skill is designed to ingest and display content from arbitrary RSS/Atom feeds. This creates a surface for indirect prompt injection where malicious instructions embedded in a blog post could be processed by the agent.
- Ingestion points: RSS and Atom feed content retrieved via 'blogwatcher scan'.
- Boundary markers: The instructions do not define delimiters or warnings for the agent to ignore instructions embedded within the feed content.
- Capability inventory: The skill utilizes CLI execution ('blogwatcher') to perform its tasks.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external feeds before it is presented to the agent.
Audit Metadata