openclaw-feeds
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from external RSS feeds, which creates a surface for potential indirect prompt injection where feed content could attempt to manipulate the agent.
- Ingestion points: External RSS feeds fetched in
scripts/feeds.pyusing URLs fromscripts/lists.py. - Boundary markers: Absent; summaries are provided as plain text within the JSON output without explicit boundary instructions for the agent.
- Capability inventory: The skill allows the agent to execute its own Python scripts and has network access to fetch data.
- Sanitization: The
clean_htmlfunction inscripts/feeds.pystrips HTML tags and truncates summaries to 500 characters, providing basic mitigation. - Data Exposure & Exfiltration (LOW): The script performs network operations to multiple external domains to fetch RSS content. While these are curated sources, they are not on an internal whitelist.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill depends on the
feedparserpackage. While it is a standard library for RSS, it is an external dependency installed without a specific version pin.
Audit Metadata