PANews

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill's instructions (specifically in 'references/workflow-read-article.md') direct the agent to execute shell commands using user-supplied inputs without sufficient quoting or sanitization. The instruction to use a raw ID directly in the command 'node cli.mjs get-article ' creates a risk of command injection if a user provides a malicious ID containing shell metacharacters such as semicolons or backticks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external content from news articles and community comments.
      • Ingestion points: Untrusted data enters the context via news article bodies, search results, and community discussion comments ('references/workflow-topics.md').
      • Boundary markers: The instructions do not provide delimiters or 'ignore' instructions to prevent the agent from potentially following directives embedded within the fetched news content.
      • Capability inventory: The agent has the capability to execute shell commands via the included CLI tool and performs network operations to fetch news.
      • Sanitization: The instructions do not prescribe any sanitization or validation of external content before it is processed or summarized.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 21, 2026, 03:23 PM