hackernews
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to
hacker-news.firebaseio.com. This is the official Firebase endpoint for Hacker News, which is a well-known service. These operations are used to retrieve news stories and discussion data. - [COMMAND_EXECUTION]: The skill uses
bashandcurlto execute API calls. It dynamically constructs commands by interpolating variables (such as item IDs and usernames) into shell strings. While this is necessary for the skill's functionality, it represents a standard command execution surface. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted, user-generated content from Hacker News (including comments, story titles, and user bios).
- Ingestion points: Data enters the agent context through
curlresponses from the Hacker News API, specifically from fields liketext,title, andaboutin the JSON responses. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious commands embedded in the fetched content.
- Capability inventory: The skill possesses the capability to execute shell commands via
bashand perform network operations viacurl(as seen inSKILL.md). - Sanitization: The skill relies on
jqfor structure parsing, but does not perform sanitization or filtering of the textual content before it is processed by the agent.
Audit Metadata