hn
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches data from hacker-news.firebaseio.com and hn.algolia.com, which are official and well-known services for Hacker News content.
- [PROMPT_INJECTION]: The skill processes user-generated content from Hacker News, which is an indirect prompt injection surface.
- Ingestion points: The script reads story titles and comments via the Hacker News and Algolia APIs.
- Boundary markers: The output does not use specific delimiters to distinguish between story content and system instructions.
- Capability inventory: The skill performs only HTTP GET requests and console output; it has no capabilities for command execution or local file modification.
- Sanitization: A strip_html function is used to clean HTML tags from retrieved text before it is displayed.
Audit Metadata