blogwatcher
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata and instructions direct the installation of a Go binary from a remote repository (
github.com/Hyaxia/blogwatcher). This constitutes a download of external executable code from a third-party source.\n- [COMMAND_EXECUTION]: The skill functions by executing theblogwatcherCLI tool on the system. Commands such asscan,add, andreadinvolve local process execution to manage feed data.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core function of processing external web data.\n - Ingestion points: External data enters the agent context through
blogwatcher scanandblogwatcher articles, which fetch and display content from RSS/Atom feeds.\n - Boundary markers: Absent; the skill does not utilize delimiters or specific instructions to prevent the agent from following commands embedded within the blog articles.\n
- Capability inventory: The skill facilitates command execution and network requests via the CLI tool, which could be abused if malicious instructions are ingested.\n
- Sanitization: Absent; there is no evidence of sanitization or filtering applied to the fetched feed content before it is processed by the agent.
Audit Metadata