daily-hot-news
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted headlines from over 54 platforms.
  - Ingestion points: Data enters from various news APIs via the api_client (referenced in cross_platform.py and sentiment_monitor.py).
  - Boundary markers: No explicit delimiters or 'ignore' warnings are used to wrap untrusted headlines in the output generated by formatter.py.
  - Capability inventory: The skill formats and displays news items which are then interpreted by the LLM agent; if headlines contain adversarial instructions, the agent may act on them.
  - Sanitization: ResponseFormatter in formatter.py performs basic text truncation and newline removal but does not filter for prompt injection payloads.
- External Downloads (SAFE): Standard Python libraries (requests, aiohttp) are installed from PyPI during setup. These are trusted dependencies.
- Command Execution (SAFE): Installation and execution commands in SKILL.md and README.md are standard for the OpenClaw framework and do not exhibit malicious intent such as unauthorized shell access or hidden downloads.
Audit Metadata