newsletter-curation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI to perform operations such as user authentication and running specific platform applications (tavily/search-assistant, infsh/html-to-image, exa/search, x/post-create). These commands are consistent with the skill's primary purpose.
  • [EXTERNAL_DOWNLOADS]: It references the installation of supplementary skills using npx skills add, which is the standard extension mechanism within the inference.sh ecosystem.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
      1. Ingestion points: Untrusted data from search providers (Tavily, Exa) enters the agent context via infsh app run commands in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Network interaction and API execution via the infsh CLI.
      4. Sanitization: Absent; the skill relies on the LLM's own filtering and the user's manual curation process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:26 AM