blogwatcher
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata specifies the installation of a Go binary from a non-trusted third-party GitHub repository (github.com/Hyaxia/blogwatcher) using the unversioned '@latest' tag.
- [COMMAND_EXECUTION]: The skill relies on executing the 'blogwatcher' CLI tool to perform network operations and scan external feeds.
- [PROMPT_INJECTION]: The skill processes untrusted data from RSS/Atom feeds, creating a surface for indirect prompt injection. 1. Ingestion points: Untrusted content enters the agent context via 'blogwatcher scan' and 'blogwatcher articles'. 2. Boundary markers: No delimiters or 'ignore' instructions are present to distinguish feed data from agent instructions. 3. Capability inventory: The agent can execute CLI commands that perform network requests. 4. Sanitization: No evidence of sanitization or filtering for the external feed content is provided.
Audit Metadata