rss-digest

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions specify the installation of the feed CLI tool from odysseus0/tap/feed via Homebrew or github.com/odysseus0/feed via Go. These sources are not within the trusted repository list, making the dependency unverifiable.
  • COMMAND_EXECUTION (LOW): The skill relies on executing local CLI commands through the feed binary to manage and read RSS feeds. While functional, it assumes the integrity of the downloaded third-party executable.
  • PROMPT_INJECTION (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) because it fetches and processes untrusted data from external RSS feeds.
      • Ingestion points: Workflow step 4 fetches full content from external URLs or via the feed get entry <id> command.
      • Boundary markers: No markers or delimiters are used to separate external RSS content from the agent's instructions.
      • Capability inventory: The agent can execute CLI commands and perform web fetches, providing a pathway for malicious instructions embedded in RSS feeds to influence agent actions.
      • Sanitization: There is no evidence of sanitization or filtering applied to the external content before summarization.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 07:08 AM