geeknews-search
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches the public GeekNews RSS/Atom feed from Google's FeedBurner service at https://feeds.feedburner.com/geeknews-feed. This is a standard operation for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes untrusted external data from the RSS feed, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters through the `fetch_feed` function in `scripts/geeknews_search.py`.
  - Boundary markers: Content is parsed into structured JSON objects, providing separation between data and instructions.
  - Capability inventory: The skill is strictly read-only and lacks capabilities such as shell execution, file modification, or access to sensitive environment data.
  - Sanitization: HTML content is stripped using `html.parser.HTMLParser` and final output is serialized using `json.dumps`.
Audit Metadata