ai-tech-rss-fetch
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'feedparser' Python package via pip to handle RSS and Atom feed parsing.
- [PROMPT_INJECTION]: The skill processes untrusted metadata from external RSS feeds, creating an indirect prompt injection surface.
  - Ingestion points: Content is ingested from remote URLs by 'scripts/rss_subscribe.py' using the 'feedparser' library.
  - Boundary markers: No explicit delimiters or boundary markers are used to separate the external feed content from system instructions.
  - Capability inventory: The skill can perform network requests to arbitrary feed URLs and has write access to a local SQLite database.
  - Sanitization: The script performs basic string and URL normalization but does not implement content filtering or sanitization to detect or prevent malicious instructions embedded in the feed data.