blogwatcher
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external RSS/Atom feeds, creating a surface for indirect prompt injection if an agent reads the resulting notifications.
  - Ingestion points: The `fetchFeed` function in `blogwatcher.js` retrieves XML content from arbitrary URLs defined in the feeds configuration.
  - Boundary markers: The skill does not implement delimiters or instructions for downstream agents to ignore embedded commands within the feed content.
  - Capability inventory: The skill has capabilities for file system access (`fs.writeFileSync` in `saveSeenEntries`) and network operations (`http.get`, `https.get`, and `fetch`).
  - Sanitization: While the skill truncates text for display, it does not perform sanitization of the feed content (such as stripping instructional keywords) before outputting it.
Audit Metadata