hackernews
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network requests via
curltohacker-news.firebaseio.com. Although this is the official endpoint for Hacker News, the domain is not on the predefined trusted whitelist.\n- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user-generated content from Hacker News that could contain instructions designed to influence the agent.\n - Ingestion points: Fetches story titles, comments, and user bios from the HN API.\n
- Boundary markers: Absent; the fetched content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.\n
- Capability inventory: Uses
bash,curl, andjqto fetch and parse data.\n - Sanitization: Absent; the skill extracts specific JSON fields but does not sanitize the string content within them.\n- [Command Execution] (SAFE): Uses
bash -cand shell pipes to process API results. This behavior is expected and necessary for the skill's primary function of data retrieval and filtering.
Audit Metadata