ai-news-collector
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection due to its core data ingestion workflow.
  - Ingestion points: Sections 1.1 (Dimension A) and 1.2 (Dimension B) in SKILL.md instruct the agent to use web_fetch to retrieve full text from external newsletters and community sites like Reddit and Hacker News.
  - Boundary markers: The instructions do not define any delimiters or system-level constraints to segregate untrusted external content from the agent's core instructions.
  - Capability inventory: The skill possesses the capability to aggregate, summarize, and rank news items (influence over reasoning and display), but it lacks high-privilege write or execute capabilities like shell access or file modification.
  - Sanitization: No sanitization, filtering, or validation of the fetched external text is specified before the agent processes it for summarization.
Audit Metadata