Skills
skills/winsorllc/upgraded-carnival/rss-reader/Gen Agent Trust Hub

rss-reader

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches RSS and Atom feeds from external web sources using curl and Python's urllib.request. It also suggests the installation of system packages like xmlstarlet via apt install.- [COMMAND_EXECUTION]: Utilizes multiple command-line utilities including grep, sed, xmlstarlet, xmllint, jq, and yq to process and filter XML data from the feeds.- [COMMAND_EXECUTION]: Dynamically executes a Python script using the python3 -c flag to perform XML parsing using the xml.etree.ElementTree library.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external feeds.
  • Ingestion points: External feed URLs retrieved via curl and urllib (SKILL.md).
  • Boundary markers: None; the skill processes fetched XML content directly without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Subprocess execution of shell utilities and Python scripts which could be targeted if a feed contains malicious escape sequences or payloads.
  • Sanitization: There is no evidence of input validation or content sanitization for the data contained within the RSS items.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:11 AM