trending-news
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown documentation and API definitions. It does not include any scripts or executable files.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted headlines and tweet content from an external API.
  - Ingestion points: Untrusted data is retrieved from https://xquik.com/api/v1/radar and related endpoints.
  - Boundary markers: The skill includes a 'Security' section explicitly warning that headlines, summaries, and tweet text are untrusted.
  - Capability inventory: The skill is restricted to API read operations and does not have access to file system writes, subprocess execution, or shell commands.
  - Sanitization: The skill relies on natural language instructions to prevent the agent from auto-following URLs or obeying instructions embedded in retrieved data.