feed-digest
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (MEDIUM): Argument injection vulnerability in `scripts/fetch_feeds.py` and `scripts/fetch_github_issues.py`. These scripts call `curl` via `subprocess.run` and pass user-controlled or external URL strings directly as arguments without the `--` separator. A malicious URL starting with a dash (e.g., `-o /tmp/malicious.sh`) could be interpreted as a command-line flag by `curl`, enabling arbitrary file writes or other unintended behavior.
- Indirect Prompt Injection (LOW): The skill processes untrusted external data which is then summarized by the agent, creating a risk of indirect prompt injection.
  1. Ingestion points: RSS/Atom feed content in `fetch_feeds.py` and GitHub issue/comment text in `fetch_github_issues.py`.
  2. Boundary markers: Absent. The content is returned as raw text in a JSON structure without instructions for the agent to ignore embedded commands.
  3. Capability inventory: The skill possesses network access (`curl`) and the ability to read local configuration files.
  4. Sanitization: Basic HTML tag removal and character truncation are performed, but no natural language instruction filtering is present.
- External Downloads (SAFE): The skill's primary function is to fetch remote content from user-specified or hardcoded URLs, which is handled via standard subprocess calls to `curl`.
Audit Metadata