karpathy-rss-daily-briefing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It is designed to fetch an external RSS feed and then perform a "full-depth reading" of every article link found within that feed.
  - Ingestion points: External RSS feed URL and every link extracted from the RSS entries as defined in `SKILL.md` Step 1 and Step 3.
  - Boundary markers: The instructions lack any boundary markers or instructions to treat the fetched article content as untrusted data.
  - Capability inventory: The skill utilizes `WebFetch` to read content and has the capability to generate new documents based on that content.
  - Sanitization: No sanitization or validation of the retrieved content is mentioned.
- [PROMPT_INJECTION]: The skill includes a file named `.security-scan-passed` which makes a self-referential claim that the skill is safe and has passed automated validation. This is a common pattern used to bypass manual or automated security reviews.
- [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to `youmind.com` and any arbitrary URL contained within the retrieved RSS feed to download content for processing.
Audit Metadata