newsletter-digest
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of metadata and natural language instructions. It does not include any executable scripts, binary files, or dependency manifests.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources. * Ingestion points: The skill processes user-provided newsletter text and content fetched from external URLs as specified in usage examples in SKILL.md. * Boundary markers: The instructions lack delimiters or explicit constraints to prevent the model from potentially following instructions embedded within the newsletters or articles being summarized. * Capability inventory: Capabilities are limited to text summarization, insight extraction, and categorization; no dangerous system-level capabilities (e.g., file system access or arbitrary command execution) are identified in the skill. * Sanitization: There is no evidence of input validation or sanitization logic for the external content processed by the skill.
Audit Metadata