news-aggregator-skill
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to install code from an untrusted GitHub repository (`cclank/news-aggregator-skill`) via `git clone` and `npx`. This source is not on the trusted organizations list.
- COMMAND_EXECUTION (MEDIUM): The agent is instructed to execute a shell command (`python3 scripts/fetch_news.py`) with arguments like `--keyword` that are derived from user input. While the instructions suggest the agent expand these keywords, there is a risk of command injection if the input is not correctly escaped before being passed to the shell.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The `fetch_news.py` script with the `--deep` flag fetches the main text content from external web pages (e.g., Hacker News, 36Kr, Weibo).
  - Boundary markers: No boundary markers or instructions to ignore embedded commands are specified in the prompt interpolation logic.
  - Capability inventory: The skill has the capability to execute subprocesses (`python3`) and write files to the `reports/` directory.
  - Sanitization: There is no evidence of content sanitization or validation before the fetched data is presented to the LLM for analysis.
- DATA_EXFILTRATION (SAFE): While the skill makes network requests, they are directed at known news aggregators and social media platforms for the purpose of fetching news, consistent with the skill's primary function.
Audit Metadata