card-news
Fail
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's reference materials in 'references/card-news/anti-ai-writing.md' include the domain 'putoms.com', which has been flagged as malicious and blacklisted by automated security scanners. Including malicious URLs in a skill increases the risk of users or the agent interacting with harmful external content.
- [COMMAND_EXECUTION]: The skill is designed to run a local Python script ('scripts/card-news/generate_image.py') to generate images. This provides a direct execution path that could be abused if the agent's instructions are manipulated via prompt injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its content analysis workflow (documented in 'references/card-news/magazine-sop.md').
  1. Ingestion points: The skill analyzes user-provided topics and external URLs to extract key information.
  2. Boundary markers: No delimiters or protective instructions are used to separate ingested data from the agent's core logic.
  3. Capability inventory: The agent can execute local scripts and use complex reasoning tools, making the impact of an injection significant.
  4. Sanitization: External data is processed without validation or sanitization, creating an exploitable surface for malicious embedded instructions.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE