news-summary

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetched data from several well-known and reputable news organizations.
  • Evidence: Downloads RSS feeds from BBC (feeds.bbci.co.uk), Reuters (reutersagency.com), NPR (feeds.npr.org), and Al Jazeera (aljazeera.com).
  • Evidence: Interacts with OpenAI's official API (api.openai.com) for text-to-speech services.
  • [COMMAND_EXECUTION]: Uses local shell utilities to process fetched news data.
  • Evidence: Utilizes curl, grep, sed, and head to parse XML data and extract headlines.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8) due to the processing of untrusted external content.
  • Ingestion points: External RSS feeds from multiple news providers fetched via curl commands in SKILL.md.
  • Boundary markers: Absent; fetched headlines and descriptions are passed directly to the LLM for summarization without explicit delimiters separating them from instructions.
  • Capability inventory: Shell command execution (curl, grep, sed), local file writing (/tmp/news.mp3), and network requests to OpenAI API.
  • Sanitization: Absent; only basic HTML tag removal is performed via sed, which does not prevent instructional content within the news text from influencing the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 01:17 PM