Skills
skills/unix2dos/skills/hackernews/Gen Agent Trust Hub

hackernews

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes bash, curl, and jq to execute API requests and process JSON responses. These commands are used for their intended purpose of data retrieval and transformation.\n- [EXTERNAL_DOWNLOADS]: Fetches data from hacker-news.firebaseio.com, which is the well-known and official domain for the Hacker News API.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the ingestion of untrusted external content (titles, comments, and bios).\n
  • Ingestion points: Untrusted data enters the agent context via curl requests to the Hacker News API defined in SKILL.md.\n
  • Boundary markers: No specific delimiters or boundary markers are implemented to wrap the external text content.\n
  • Capability inventory: The skill uses shell execution capabilities (curl, jq, bash).\n
  • Sanitization: No sanitization or filtering is applied to the retrieved text fields before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 07:05 AM