news-catcher
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'playwright' Python package and the Chromium browser engine. These are well-known tools maintained by Microsoft.
- [COMMAND_EXECUTION]: Installation instructions include shell commands for 'pip install' and 'playwright install chromium'.
- [DATA_EXPOSURE]: The skill writes news reports to the local file system at '~/.local/newsCache'. Users should monitor this directory for data accumulation.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Content is retrieved from external URLs defined in 'websites.txt' via Playwright MCP in 'agents/news-fetcher.md'. 2. Boundary markers: No delimiters or specific 'ignore instructions' warnings are present to isolate fetched web content. 3. Capability inventory: The skill uses 'playwright_mcp_navigate' and 'browser_snapshot' to ingest data, and writes to the local file system. 4. Sanitization: No evidence of content sanitization or filtering of instructions embedded in the HTML of target websites.
Audit Metadata