rss-feed
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches news content from well-known domains such as Google News, TechCrunch, Wired, and Ars Technica to aggregate headlines and summaries.
- [COMMAND_EXECUTION]: Deployment instructions recommend the use of
crontabto maintain persistence and schedule regular execution of the data collection script. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting untrusted data from external RSS feeds.
- Ingestion points: Data enters the system via the
feedparser.parse()function inrss_fetcher.pywhich retrieves content from third-party URLs. - Boundary markers: The skill stores extracted data in a structured JSON format but does not include explicit boundary markers or 'ignore' instructions to prevent downstream LLMs from obeying instructions embedded in the news summaries.
- Capability inventory: The
rss_fetcher.pyscript has capabilities for network access (data retrieval) and local file system access (writing JSON output). - Sanitization: The script implements summary truncation to 500 characters, but no content sanitization or filtering for injection patterns is performed.
Audit Metadata