NYC

ai-daily-digest

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Prompt Injection (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted content from 90 external RSS feeds. Attackers could embed malicious instructions in articles to manipulate agent behavior. Evidence: [Ingestion points: 90 RSS feeds referenced in README] [Boundary markers: None mentioned] [Capability inventory: File system writes for reports and config, plus agent-driven reasoning] [Sanitization: None described].
  • Command Execution (HIGH): The skill instructs the agent to run 'npx -y bun scripts/digest.ts'. This executes a local script which is not provided for analysis and could perform arbitrary system operations.
  • External Downloads (MEDIUM): Uses 'npx' to potentially download the Bun runtime from the npm registry at execution time, which introduces a runtime dependency on external package infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:46 AM