news-aggregator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/fetch_news.pyinitiates network requests to retrieve data from multiple well-known services and news platforms, including Hacker News, GitHub Trending, Weibo, 36Kr, V2EX, Tencent News, Wall Street CN, and Product Hunt. - When the
--deepflag is enabled, the script dynamically fetches content from arbitrary external URLs found in the news items to extract article text (truncated to 3000 characters). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted third-party content from the internet.
- Ingestion points: Untrusted data enters the agent context via
scripts/fetch_news.py, specifically through thefetch_url_contentfunction and the various source fetchers that scrape titles and descriptions. - Boundary markers: The skill does not implement explicit boundary markers or system instructions to ignore potential commands embedded within the fetched news content before processing.
- Capability inventory: The skill utilizes network access (
requests.get) and is instructed bySKILL.mdto perform file-write operations to thereports/directory to save aggregated news. - Sanitization: The scraping script performs basic HTML sanitization by removing script, style, and navigation elements using BeautifulSoup, but it does not sanitize or filter the extracted text for malicious natural language instructions.
Audit Metadata