news-aggregator-skill
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script `scripts/fetch_news.py` to fetch and filter news items based on user-provided or expanded keywords.
- [EXTERNAL_DOWNLOADS]: The fetching script makes outbound HTTP requests to several well-known news and social platforms (e.g., Hacker News, GitHub, Weibo) to retrieve headlines. It also supports deep fetching, which downloads the full text content from arbitrary third-party URLs linked in the news items, creating a potential for Server-Side Request Forgery (SSRF) if the agent processes malicious links.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of external content.
  - Ingestion points: Data from external websites (titles and body text) is fetched by `scripts/fetch_news.py` and passed to the agent.
  - Boundary markers: There are no explicit markers or safety instructions used to isolate the fetched content from the agent's core instructions.
  - Capability inventory: The agent performs file writing to the `reports/` directory and executes subprocesses (the fetcher script).
  - Sanitization: Content is cleaned of HTML tags but is not sanitized for potential malicious instructions that could manipulate the agent's behavior during the summarization or reporting phase.
Audit Metadata