news-aggregator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, `scripts/fetch_news.py`, to gather data from multiple news sources like Hacker News and Weibo. This is the intended behavior for the skill's core functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it fetches and processes untrusted content from the internet for 'Deep Analysis' and 'Deep Interpretation'.
  - Ingestion points: Data enters the agent's context through the output of `scripts/fetch_news.py`, specifically via the `content` field, which contains extracted article text when the `--deep` flag is used.
  - Boundary markers: The prompt instructions do not specify any delimiters (like XML tags or triple quotes) or 'ignore embedded instructions' warnings to separate the fetched news content from the agent's core instructions.
  - Capability inventory: The agent can execute shell commands through the `fetch_news.py` script and has write access to the local filesystem to save files in the `reports/` directory.
  - Sanitization: There is no evidence of sanitization, filtering, or validation performed on the fetched article text before the AI agent processes it to generate summaries and interpretations.
Audit Metadata