Skills
skills/ralph-loop/claude-skills-secnews/secnews/Gen Agent Trust Hub

secnews

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches a feed registry from the author's GitHub repository (ralph-loop/claude-skills-secnews) to identify news sources.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves content from third-party RSS feeds via the WebFetch tool to provide news summaries.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from external sources.
  • Ingestion points: External article content retrieved from RSS feeds in Step 3.
  • Boundary markers: No explicit delimiters are defined in the prompt to isolate external data from the agent's instructions.
  • Capability inventory: The skill is limited to read-only network operations (WebFetch) and lacks dangerous capabilities such as shell execution, file writing, or persistence.
  • Sanitization: No explicit sanitization or filtering of external content is described before the data is summarized.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 05:06 AM