newsletter-digest
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (fetch-feeds.js, ghost-publish.js) and inline Node.js commands to manage the newsletter generation and publishing workflow. It also contains hardcoded absolute file paths (e.g., /Users/ksd/Desktop/Varnan_skills/...) in SKILL.md that are specific to the author's local development environment and may cause execution failures on other systems.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external RSS/Atom feeds defined in feeds.json. It also uses npm install to download required dependencies like jsonwebtoken and rss-parser from the official NPM registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from third-party RSS feeds and includes it in the prompt sent to the LLM for summarization.
  - Ingestion points: scripts/fetch-feeds.js fetches content from external URLs specified in feeds.json.
  - Boundary markers: The synthesis prompt in SKILL.md includes instructions to 'use ONLY these sources', but lacks strong structural delimiters or specific warnings to ignore instructions embedded within the source content.
  - Capability inventory: The agent can write to the local filesystem and publish content to an external Ghost CMS instance via scripts/ghost-publish.js.
  - Sanitization: scripts/fetch-feeds.js performs basic HTML tag stripping and truncates article excerpts to 400 characters, which provides some mitigation but does not fully eliminate the injection risk.
Audit Metadata