freshrss
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script located at
{baseDir}/scripts/freshrss.shto interact with the FreshRSS API. It passes user-defined arguments such as category names, time ranges, and item counts to this script. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external RSS feeds. 1. Ingestion points: Headlines, source names, and article titles from external feeds enter the agent's context through the output of the
freshrss.shscript. 2. Boundary markers: The documentation for the skill does not specify any delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the feed content. 3. Capability inventory: The skill has the capability to execute a local shell script to retrieve data. 4. Sanitization: There is no evidence of sanitization or validation of the fetched RSS content within the provided skill definition.
Audit Metadata