newsletter-curation
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several 'infsh' CLI commands to search for news, generate header images, and post updates to social media.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external search engines (Tavily and Exa) and references a remote shell script on GitHub for CLI installation. It also uses 'npx' to download and install additional skill components.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection via the following chain:
  1. Ingestion points: Content is ingested from arbitrary web sources (Reddit, news sites, etc.) using 'tavily/search-assistant' and 'exa/search'.
  2. Boundary markers: The prompt instructions do not use delimiters or include instructions to ignore embedded commands in the fetched content.
  3. Capability inventory: The skill has the capability to write to the file system and post directly to social media using 'x/post-create'.
  4. Sanitization: No sanitization or validation of the ingested content is performed before it is processed by the agent.