alphaear-news
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk via external news sources. The ContentExtractor fetches content from third-party URLs using the Jina Reader API, which is then stored in a database. This content is untrusted and could contain adversarial instructions targeting the agent.
- Ingestion points: scripts/content_extractor.py (extract_with_jina) and scripts/database_manager.py (save_daily_news).
- Boundary markers: Not implemented in provided code.
- Capability inventory: Network access (requests), Database write (sqlite3).
- Sanitization: None detected in scripts.
- [EXTERNAL_DOWNLOADS] (SAFE): Interaction with r.jina.ai and Polymarket APIs is consistent with the stated purpose of the skill.
- [NO_CODE] (SAFE): The file scripts/news_tools.py, which contains the NewsNowTools and PolymarketTools classes referenced in SKILL.md, is missing from the submission, rendering the skill non-functional.
Audit Metadata