blogwatcher
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions give several ways to download the blogwatcher-cli binary directly from a GitHub repository (github.com/JulienTant/blogwatcher-cli), including piping curl output into tar for extraction into system directories.
- [COMMAND_EXECUTION]: The skill relies on executing the blogwatcher-cli command-line tool with various arguments, including user-provided URLs and file paths for OPML imports.
- [PRIVILEGE_ESCALATION]: The installation instructions suggest extracting the downloaded binary to /usr/local/bin, a directory that typically requires administrative privileges for write access.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and display content from external RSS/Atom feeds and HTML pages (via scraping).
  - Ingestion points: external URLs fetched via blogwatcher-cli add and blogwatcher-cli scan, as described in SKILL.md.
  - Boundary markers: absent. The example output shows article titles, blog names, and categories displayed without explicit delimiters or any warning to ignore embedded instructions.
  - Capability inventory: execution of shell commands via blogwatcher-cli, as described in SKILL.md.
  - Sanitization: none specified for content retrieved from external feeds before it is presented to the agent.
Audit Metadata