ai-newsletters
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes content from third-party RSS feeds (TLDR AI and The Rundown AI) which may contain malicious instructions designed to manipulate the agent.
  - Ingestion points: RSS feed content (titles, links, descriptions) extracted via WebFetch in SKILL.md (Workflow Step 2).
  - Boundary markers: Absent. The skill does not use specific delimiters or instructions to prevent the agent from obeying commands embedded in the feed content during the ranking or summarization process.
  - Capability inventory: File-write access to the local filesystem (50_资源/Newsletters/) for saving digests and raw data as defined in SKILL.md (Workflow Step 6).
  - Sanitization: Absent. There is no evidence of filtering or sanitizing the input strings before they are processed by the LLM for ranking or template filling.
Audit Metadata