daily-news-60s
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (LOW): The skill performs network requests using
curland the Pythonrequestslibrary to connect to60s.viki.moe. This is a non-whitelisted third-party domain, which is a common pattern for news skills but technically falls under external network operations. - PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill ingests external data (news headlines and daily quotes) that is then processed by the agent. 1. Ingestion points: Data enters the agent's context through the
/v2/60sendpoint. 2. Boundary markers: The skill documentation does not instruct the agent to use delimiters or ignore instructions within the fetched news content. 3. Capability inventory: The skill allows network read operations via GET requests. 4. Sanitization: No sanitization or validation is applied to the API output before it is presented to the user or agent.
Audit Metadata