ai-tech-rss-summary
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability via external data ingestion.
- Ingestion points: The skill explicitly ingests data from external RSS feeds (
assets/hn-popular-blogs-2025.opml), and various local file formats including.txt,.md,.json, and.csv(SKILL.md,references/input-model.md). - Boundary markers: No explicit delimiter markers (e.g., XML tags or unique string boundaries) or "ignore embedded instructions" warnings are defined in the workflow to separate system instructions from untrusted data.
- Capability inventory: The skill possesses the capability to render various formats (
html,pdf), process structured data, and include functional links (include_links: true), which can be used to deliver malicious payloads or track users. - Sanitization: There is no evidence of sanitization or filtering for executable content or embedded instructions within the processed items. The 'keyword filtering' (
references/output-rules.md) only filters for relevance, not for security threats. - EXTERNAL_DOWNLOADS (LOW): The skill references an external OPML file from a GitHub Gist (
https://gist.github.com/emschwartz/...). While the source is GitHub (a trusted platform), the specific user/gist is not on the pre-approved [TRUST-SCOPE-RULE] list.
Recommendations
- AI detected serious security threats
Audit Metadata