industry-news-tracker
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches industry-specific news, technical updates, and exhibition schedules from external specialized portals including
gongkong.com,iteschina.com,c-fol.net, ande-works.net.cnvia theweb_fetchtool.\n- [PROMPT_INJECTION]: The skill operates by ingesting external data, which introduces a surface for indirect prompt injection findings.\n - Ingestion points: Remote news articles and exhibition detail pages retrieved from the internet using
web_fetchas documented inSKILL.md.\n - Boundary markers: The skill instructions do not define delimiters or specific directives to isolate retrieved content from the agent's logic or to ignore potential instructions embedded in the source text.\n
- Capability inventory: The skill is limited to fetching web data and generating formatted summaries; it does not have the capability to execute system commands or modify the filesystem beyond suggesting a user-managed keyword configuration file.\n
- Sanitization: No mechanisms for sanitizing, validating, or filtering the retrieved web content are specified before it is processed by the agent.
Audit Metadata