Skills
skills/netease-youdao/lobsterai/technology-news-search/Gen Agent Trust Hub

technology-news-search

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches news content via RSS feeds and APIs from a large whitelist of technology news organizations (e.g., TechCrunch, Wired, Hacker News, 36Kr) as defined in references/sources.json.
  • [COMMAND_EXECUTION]: The script scripts/search_news.js utilizes child_process.execFile to invoke the Node.js runtime and call the CLI of the web-search skill as a fallback search mechanism. The implementation uses argument arrays and temporary files to safely pass user-provided keywords, mitigating command injection risks.
  • [DATA_EXFILTRATION]: The skill transmits user-provided search keywords to external services, including the Algolia search API for Hacker News and various RSS feed providers, to retrieve relevant technical articles.
  • [INDIRECT_PROMPT_INJECTION]: The skill aggregates untrusted titles and summaries from 75+ third-party news sources. To mitigate formatting-based injection risks, scripts/parsers/rss_parser.js implements a cleanText function that strips HTML tags and normalizes whitespace before presenting content to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 08:10 PM