daily-news-digest
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external websites and YouTube to generate blog posts.
- Ingestion points: News content is fetched from various domains including
insidegnss.com,gpsworld.com, and company newsrooms such astrimble.comandhexagon.comas defined inSKILL.md. - Boundary markers: None identified. The workflow does not specify the use of delimiters or instructions for the agent to ignore embedded commands within the fetched news.
- Capability inventory: The skill has the ability to write files to the local filesystem (
src/content/posts/) and perform git commits. - Sanitization: There is no evidence of content sanitization or validation before the external data is interpolated into the MDX template.
- [EXTERNAL_DOWNLOADS]: The skill fetches information from several well-known industry sources and services.
- It retrieves tech news coverage from Bloomberg via YouTube and industry-specific updates from publications like
Inside GNSSandGPS World, as well as official newsrooms for positioning technology vendors. - [COMMAND_EXECUTION]: The skill includes instructions for managing a repository.
- Step 5 of the workflow describes a commit process ("feat: add daily tech & GNSS news digest") which implies the execution of version control commands.
Audit Metadata