rss-fetch
Fail
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data from external RSS and Atom feeds using
curl. While several examples target well-known and trusted sources like GitHub and Hacker News, the skill is functionally designed to fetch content from any URL provided by the user or found in data. - [COMMAND_EXECUTION]: The skill employs
bash -cfor executing shell commands and explicitly instructs the agent to concatenate variables into command strings (e.g.,bash -c 'curl -s "'"$feed"'"'). This pattern constitutes a command injection vulnerability if the variables contain unsanitized user-provided input. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted XML content from the web and processes it without using boundary markers or content sanitization.
- Ingestion points: Remote RSS/Atom feeds retrieved via
curl(SKILL.md). - Boundary markers: None specified in the instructions to delimit external content.
- Capability inventory: The skill has access to powerful shell utilities including
curl,xmllint,awk, andbash. - Sanitization: No sanitization or validation of the fetched XML content is performed before the agent processes it.
Recommendations
- HIGH: Downloads and executes remote code from: https://hnrss.org/frontpage - DO NOT USE without thorough review
Audit Metadata