news-shopping
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The setup instructions in rules/getting-started.md require users to run npx agentcash@latest install, which downloads and executes code from the npm registry that has not been verified as coming from a trusted source.
- [COMMAND_EXECUTION]: The skill relies on the agentcash.fetch tool to perform network requests, which is an external command dependency that executes outside the immediate skill environment.
- [DATA_EXFILTRATION]: User-provided search queries are transmitted to endpoints on stableenrich.dev. While this is necessary for the search functionality, it exposes user intent and keywords to an external third-party service.
- [PROMPT_INJECTION]: The skill ingests and displays content from external websites (news snippets and product titles), which could be manipulated by attackers to influence agent behavior.
  - Ingestion points: Search results returned from news and shopping endpoints at stableenrich.dev as described in SKILL.md.
  - Boundary markers: Absent; the instructions do not use specific markers to distinguish between untrusted data and agent instructions.
  - Capability inventory: The skill uses agentcash.fetch for network requests; no high-privilege operations like file modification or subprocess spawning are present in the skill code.
  - Sanitization: Absent; the skill does not appear to sanitize or filter the content retrieved from external sources before presenting it to the agent.
Audit Metadata