bbc-news
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches news content from well-known BBC RSS feeds (e.g., feeds.bbci.co.uk).
- [PROMPT_INJECTION]: The skill ingests data from external RSS feeds, which creates an attack surface for indirect prompt injection. However, the risk is negligible as the skill lacks high-risk capabilities.
- Ingestion points: Remote RSS feeds are fetched and parsed in scripts/bbc_news.py.
- Boundary markers: Data from the feeds is provided directly to the agent context.
- Capability inventory: Analysis of all scripts confirms no subprocess execution, file writing, or credential access capabilities exist.
- Sanitization: The script implements basic sanitization by using regular expressions to strip HTML tags from news descriptions.
Audit Metadata