news-aggregator-skill
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The README.md recommends installation via `git clone` or `npx` from `github.com/cclank/news-aggregator-skill`. As this repository and author are not part of the trusted list, the remote code and scripts contained within are unverifiable and could be modified by the author.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection due to its core functionality of fetching and analyzing third-party web content.
  - Ingestion points: The `fetch_news.py` tool with the `--deep` flag retrieves full article text from 8 external sources including Hacker News, GitHub, and Weibo.
  - Boundary markers: Absent. The instructions do not direct the agent to use delimiters or specific safety framing when processing the external data.
  - Capability inventory: The skill allows subprocess execution of Python scripts and has the ability to write files to the `reports/` directory.
  - Sanitization: Absent. There is no evidence of filtering or sanitizing the retrieved article content before the agent performs 'Deep Interpretation', which could allow an attacker to embed instructions in a news article that redirect the agent's behavior.
- [COMMAND_EXECUTION] (SAFE): The skill executes a local script `scripts/fetch_news.py` to perform its primary function. This is standard behavior for the intended purpose.
Audit Metadata