blog-watcher
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user or agent to execute commands with administrative privileges. Specifically, it recommends using "sudo apt-get install newsboat" to install software, which constitutes a privilege escalation risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external feeds and websites. Ingestion points: External content is fetched using curl from RSS/Atom feeds (e.g., github.com/.../releases.atom, blog.example.com/rss) and web pages. Boundary markers: No delimiters or protective instructions are provided to the agent to distinguish between the feed data and system instructions. Capability inventory: The skill utilizes shell commands like xmlstarlet, diff, echo, and the GitHub CLI (gh api) for processing the ingested data. Sanitization: No sanitization or validation of the external content is performed before it is presented to the agent, allowing potential instructions inside the feeds to be executed.
Recommendations
- AI detected serious security threats
Audit Metadata