hn-extract
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script (hn-extract.py) using the 'uv' tool to process and format HackerNews data.
- [EXTERNAL_DOWNLOADS]: The script fetches data from the HackerNews Algolia API and arbitrary third-party article URLs. The documentation notes the use of liberal SSL handling, which increases the risk of man-in-the-middle attacks during data retrieval.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests untrusted user comments and article text intended for LLM processing.
  1. Ingestion points: Content is fetched from hn.algolia.com and various external URLs provided by users or found on HackerNews.
  2. Boundary markers: The instructions lack delimiters or safety warnings to prevent the agent from following instructions embedded in the processed text.
  3. Capability inventory: The skill allows the agent to execute commands, write files to the /tmp directory, and upload files to the chat.
  4. Sanitization: While the skill cleans HTML for formatting, it does not explicitly sanitize content for adversarial instructions.
Audit Metadata