ai-news
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing the ai-news CLI tool to perform all its core functions, including article retrieval, URL analysis, and integration management.
- [EXTERNAL_DOWNLOADS]: The skill documentation explicitly instructs users to install an external package, ai-news-cli, via the npm package manager.
- [REMOTE_CODE_EXECUTION]: The skill features dynamic logic loading where commands are fetched from the developer's server (ai-news.stringzhao.life) at runtime. This allows the remote server to influence the agent's available actions and behavior dynamically.
- [PROMPT_INJECTION]: The skill processes data from external URLs via the url:analyze command and fetches remote article summaries. This creates a surface for indirect prompt injection if the ingested content contains instructions designed to manipulate the agent's behavior.
  - Ingestion points: External URLs submitted via url:analyze, and article content fetched via articles:list and articles:summary (SKILL.md).
  - Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are defined for the ingested content.
  - Capability inventory: The agent can execute shell commands via the CLI, install packages, and send data to remote servers.
  - Sanitization: There is no evidence of sanitization or validation of the content returned by the external analysis or news services.
- [DATA_EXFILTRATION]: The skill transmits user-supplied URLs to a remote API for analysis and supports the configuration of external webhooks (Flomo), which can be used to route data to third-party endpoints.
Audit Metadata