daily-news-caster
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a dependency from an unverified 3rd-party GitHub repository (
https://github.com/cclank/news-aggregator-skill). While thettsskill is sourced from the vendor's own repository, the aggregator source is untrusted. - [REMOTE_CODE_EXECUTION]: The skill relies on downloading and executing external scripts (
fetch_news.py) from an untrusted repository. This pattern allows for arbitrary code execution on the user's machine if the remote repository content is modified or malicious. - [COMMAND_EXECUTION]: The skill uses
npx,python3, andbashto execute local and downloaded scripts. Specifically, it executesfetch_news.pyandtts.sh, which are external dependencies. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from external news sources (e.g., Hacker News, GitHub) via
fetch_news.py(File: SKILL.md Step 2) and interpolates this content directly into a podcast script (File: SKILL.md Step 3) without sanitization, boundary markers, or instructions to ignore embedded commands. This data is then processed by the LLM to generate the script, allowing malicious news content to influence agent behavior. The skill maintains significant capabilities, including subprocess execution (python3,bash) and file system access.
Audit Metadata